Sophos

Download Windows 7 security - A great leap forward or business as usual?

« W32/Liji-A virus propagation Italian Jooob »

Hop, Hop, Phish

An increasing volume of web-based malware campaigns use compromised legitimate sites in their infection mechanisms. The technique is very common in phishing as well of course. As an example, one seen today uses two compromised sites.

Firstly, the fake login page is hosted on a compromised construction site based in the US. The hackers have simply dropped a single HTML file (postinfo.html) to that machine containing a simple redirect:


<meta content="0;url=http://(ip_address)/.www.keypointcu.com/">

The server redirected to is another legitimate box, this time in Chile! This has been compromised and is now serving up the fake login page used in the phishing attack.

KeyPoint CU Phish

Posted on April 27th, 2007 by Fraser Howard, SophosLabs UK
Filed under: Uncategorized

Email this story to a friend   Digg   Reddit   Technorati   Slashdot   Facebook   Twitter   NewsVine   MySpace   Google   Live   Mixx   del.icio.us   StumbleUpon  

Download Windows 7 security - A great leap forward or business as usual?

Related posts