funsec mailing list archives
SQL attacks: now using .MOBI domains and installing scareware
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 2 Jul 2008 12:46:21 +0300 (EEST)
.mobi in SQL Injection attacks is not so common...
From SophosLabs blog:
"Everyday, I look through the domains we detect as Troj/Iframe-AG because they are the domains associated with the SQL injections that have been plaguing the web over the last few months (1, 2, 3 and 4). This morning I saw three domains making use of the .MOBI TLD. The use of a .MOBI TLD is unusual and I was going to talk about all the possible new TLDs that people could use in the future (following the ICANN meeting last week). However, something more interesting was spotted. Quickly visiting these sites to see is they were legitimate, we (Fraser and I) noticed that the root of each site attempted to load a script AD.JS. This in turn attempted to load another website - a fake anti-virus install site." ---clip-- More at http://www.sophos.com/security/blog/2008/06/1525.html Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- SQL attacks: now using .MOBI domains and installing scareware Juha-Matti Laurio (Jul 02)