SecurityHome.eu WSLabs, Malicious Web site / Malicious Code: Audi's Taiwan site compromised

Home / mailings PDF

WSLabs, Malicious Web site / Malicious Code: Audi's Taiwan site compromised
Posted on 24 May 2007
Websense Security Lab
Websense® Security Labs(TM) has discovered that the official site of Audi in Taiwan has been compromised.

The site www.audi.com.tw contains an iframe that leads to another page located on the domain www.misofthelp.com. This site is obfuscated, using the 7-bit US-ASCII bypass technique. Once this obfuscation technique is bypassed, the script is further obfuscated. The resulting decoded page reveals a Visual Basic Script that contains an ADOdb (database extraction library) exploit. The exploit within the page downloads and executes a file called update.exe (Trojan PWS).

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=776

TOP

Mailings :

[gentoo-announce] [ GLSA 202405-16 ] Apache Commons BCEL: Remote Code Execution
[gentoo-announce] [ GLSA 202405-15 ] Mozilla Firefox: Multiple Vulnerabilities
[gentoo-announce] [ GLSA 202405-14 ] QtWebEngine: Multiple Vulnerabilities
[gentoo-announce] [ GLSA 202405-13 ] borgmatic: Shell Injection
[gentoo-announce] [ GLSA 202405-12 ] Pillow: Multiple Vulnerabilities

Last 20

Exploits :

SOPlanning 1.52.00 Cross Site Scripting
SOPlanning 1.52.00 Cross Site Request Forgery
SOPlanning 1.52.00 SQL Injection
htmlLawed 1.2.5 Remote Command Execution
Online Tours And Travels Management System 1.0 SQL Injection

Last 20

WSLabs, Malicious Web site / Malicious Code: Audi&#039;s Taiwan site compromised

Mailings :

Exploits :

WSLabs, Malicious Web site / Malicious Code: Audi's Taiwan site compromised