funsec mailing list archives

Previous By Date Next
Previous By Thread Next

SQL attacks: now using .MOBI domains and installing scareware

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 2 Jul 2008 12:46:21 +0300 (EEST)
.mobi in SQL Injection attacks is not so common...


From SophosLabs blog:


"Everyday, I look through the domains we detect as Troj/Iframe-AG because they are the domains associated with the SQL 
injections that have been plaguing the web over the last few months (1, 2, 3 and 4).

This morning I saw three domains making use of the .MOBI TLD. The use of a .MOBI TLD is unusual and I was going to talk 
about all the possible new TLDs that people could use in the future (following the ICANN meeting last week). However, 
something more interesting was spotted.

Quickly visiting these sites to see is they were legitimate, we (Fraser and I) noticed that the root of each site 
attempted to load a script ‘AD.JS’. This in turn attempted to load another website - a fake anti-virus install site."
---clip--

More at
http://www.sophos.com/security/blog/2008/06/1525.html

Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: