Exposing a Malware Serving Client-Side Exploits Serving Campaign at CNET's Download.com Abusing Input Validation Flaws - An Analysis

November 02, 2022

NOTE:

I took these screenshots in 2008.

Did you know that back in 2008 CNET's Download.com suffered from a major input validation flaw, which the then-infamous RBN (Russian Business Network) exploited by automatically registering rogue and bogus users on the Web site and posting iFrame-injected comments? These comments redirected the Web site's users to malware-serving, client-side-exploit-serving campaigns and domains courtesy of the RBN. Check out the analysis.
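A defender-side sketch of the two controls this kind of flaw calls for, added here as an example and not taken from the original post or from Download.com's code: output-encoding comments at render time, and auditing already-stored comments for embedded active content. The function names, the tag list, the site host and the sample comments are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that load or run content when a comment is rendered as raw HTML.
ACTIVE_TAGS = {"iframe", "frame", "script", "object", "embed"}


class ActiveContentFinder(HTMLParser):
    """Collects (tag, source URL) for active elements found in a comment body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so mixed case still matches.
        if tag in ACTIVE_TAGS:
            attr = dict(attrs)
            self.hits.append((tag, attr.get("src") or attr.get("data") or ""))


def audit_comments(comments, site_host):
    """Return (comment_id, tag, url) for stored comments that embed active
    content whose source host is not site_host (inline content is flagged too)."""
    findings = []
    for comment_id, body in comments:
        finder = ActiveContentFinder()
        finder.feed(body)
        finder.close()
        for tag, url in finder.hits:
            if (urlparse(url).hostname or "") != site_host:
                findings.append((comment_id, tag, url))
    return findings


def render_comment(body):
    """Output-encode a comment so any markup in it is shown as text, not parsed."""
    return html.escape(body, quote=True)


# Constructed sample data (hypothetical); hosts use the reserved .example TLD.
SAMPLE_COMMENTS = [
    (1, "Great tool, works fine on XP."),
    (2, 'Nice! <IFRAME SRC="http://redirector.example/in.php"></IFRAME>'),
    (3, "Use <b>version 2</b>, not the beta."),
]

if __name__ == "__main__":
    for finding in audit_comments(SAMPLE_COMMENTS, "downloads.example"):
        print("flag:", finding)
    print(render_comment(SAMPLE_COMMENTS[1][1]))
```

The audit pass finds content that was stored before encoding was in place; the render-time encoding is what stops new submissions from being interpreted as markup.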

Sample screenshots include:


Stay tuned!

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
