Malware Embedded Link at Pod-Planet
0
The "the World's largest Podcast Directory" is currently embedded with a malicious link, whereas thankfully the campaign's already in an undercover phrase and stopped responding over the weekend. The embedded link points to ame8.com/a.js (222.73.254.56) then loads ame8.com/app/helptop.do, once deobfuscated attempts to load ame8.com/app/cc.do as well as 51.la/?1587102 acting as the counter for the campaign. In case you remember, the web counter services offered by 51.la were also used in the malware embedded attack at Chinese Internet Security Response Team. And with ame8.com hosted in China, someone's either engineering a situation where we're supposed to believe it's Chinese malicious parties behind it, thereby taking advantage of the media buzz, or it's Chinese attackers for real. For this particular case however, I'd go for the second scenario.
About Dancho Danchev
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
0 Comments: