Wednesday, November 02, 2022

Exposing a Malware Serving Client-Side Exploits Serving Campaign at CNET's Download.com Abusing Input Validation Flaws - An Analysis

NOTE:

I took these screenshots in 2008.

Did you know that back in 2008 CNET's Download.com used to suffer from a major input validation flaw which the infamous back then RBN (Russian Business Network) used to exploit in terms of having automatically and rogue and bogus users registering on the Web site and posting iFrame injected comments which were in fact redirecting the Web site's users to a malware-serving client-side exploits serving campaigns and domains courtesy of the RBN? Check out the analysis.

Sample screenshots include:


Stay tuned!

No comments:

Post a Comment