[funsec] Syrian Embassy UK Website Hacked

Paul Ferguson fergdawg at netzero.net
Tue Sep 25 21:39:40 CDT 2007


Via Websense.

[snip]

The site www.syrianembassy.co.uk contains three unique iframes that direct
visitors to malicious Web sites. The iframes use various techniques to
evade detection, including JavaScript obfuscation. The iframes point to
hosts in the United States, Malaysia, and the Ukraine.

The Mpack attack toolkit is hosted on one of these sites and attempts
several exploits depending on OS, browser, and plugin versions. The end
result is that two Trojan Downloaders are dropped on visitors' computers
from two of the iframes.

[snip]

More:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=806

Note: And yes, it is still compromised at this hour.

- - ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



