[funsec] Syrian Embassy UK Website Hacked
fergdawg at netzero.net
Tue Sep 25 21:39:40 CDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
The site www.syrianembassy.co.uk contains three unique iframes that direct
visitors to malicious Web sites. The iframes use various techniques to
hosts in the United States, Malaysia, and the Ukraine.
The Mpack attack toolkit is hosted on one of these sites and attempts
several exploits depending on OS, browser, and plugin versions. The end
result is that two Trojan Downloaders are dropped on visitors' computers
from two of the iframes.
Note: And yes, it is still compromised at this hour.
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
-----END PGP SIGNATURE-----
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec