[funsec] Chinese Internet Security Response Team Website Hosting M
alicious Cont ent
Paul Ferguson
fergdawg at netzero.net
Tue Oct 2 14:34:30 CDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yes, this site is STILL hosting malicious content.
PLEASE USE CAUTION.
- - ferg
- -- "Paul Ferguson" <fergdawg at netzero.net> wrote:
Via El Reg.
[snip]
A recent post by the team at the Chinese Internet Security Response Team to
their English-language site indicates that some of the site visitors are
experiencing an attack from the CISRT.org site as a result of an injected
IFRAME tag.
Injected IFRAME tags are not a new means of using legitimate sites to
launch attacks on unsuspecting users, with a recent notable case being the
Bank of India hack. What is different in this case is that the hack is only
being served to seemingly random site visitors.
[snip]
More:
http://www.theregister.co.uk/2007/10/02/chinese_internet_security_response_
team_attacked/
Note: I'm wondering if it is still hosting malicious content -- there is a
lot of embedded JavaScript at that site that I just don't have time right
now to examine in more detail. It is my opinion that a CERT/CSIRT webpage
shouldn't be a JavaScript minefield.
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
wj8DBQFHAp08q1pz9mNUZTMRAqAVAKC1cWhm4mchNpyradDOGGywtXZOmQCfWLIw
EoODVZJWXazEe+R94YgowGc=
=cTF3
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec
mailing list