Wednesday, May 21, 2008

The Serving Malware

The a parody site of the original is serving malware. From TrendMicro's blog:

"According to Trend Micro Advanced Threats Researcher David Sancho, has been compromised to harbor some malicious, obfuscated JavaScript code which “background downloads” code to unsuspecting visitors of the site, where a malicious file is downloaded (which is detected by Trend Micro as TROJ_DELF.GKP). Of course, the official White House Web site is, and although it has been reported that some people believe is the real deal, even those looking for this site specifically should be forewarned."

The malicious domain embedded within the site ( is using Mal/ObfJS-AP/Exploit:HTML/AdoStream to serve the malware, whereas the domain itself is using DNS servers known to provide service to malicious domains from previous malware-embedded attacks that I've been assessing.
