Monday, February 18, 2008

Malware Embedded Link at Pod-Planet

The "the World's largest Podcast Directory" is currently embedded with a malicious link, whereas thankfully the campaign's already in an undercover phrase and stopped responding over the weekend. The embedded link points to ame8.com/a.js (222.73.254.56) then loads ame8.com/app/helptop.do, once deobfuscated attempts to load ame8.com/app/cc.do as well as 51.la/?1587102 acting as the counter for the campaign. In case you remember, the web counter services offered by 51.la were also used in the malware embedded attack at Chinese Internet Security Response Team. And with ame8.com hosted in China, someone's either engineering a situation where we're supposed to believe it's Chinese malicious parties behind it, thereby taking advantage of the media buzz, or it's Chinese attackers for real. For this particular case however, I'd go for the second scenario.

No comments:

Post a Comment