Sophos


Things are looking quite iffy for a large number of sites

SophosLabs are in the process of contacting one of the people hit by this latest burst of Troj/Iffy-B infections.

The reason that this one caught my eye was that on the same site was a copy of Exp/QTP-A.

First, let us look at the Troj/Iffy-B infections!


As with previous flowcharts describing web attacks that we’ve included in this blog:

  • green arrow: iframe
  • red arrow: exploit
  • solid line: between different domains
  • dotted line: between files on the same domain

Ultimately, Troj/Iffy-B will attempt to download a Trojan, proactively detected as Mal/Behav-066, via iframes and exploits.

This brings me back to the occurrence of Exp/QTP-A on the initial hacked website. For many years now, the importance of ensuring that desktops are kept up to date with the latest patches has been highlighted, but these regular infections of webservers show that it is just as important to ensure that all machines, including webservers, are monitored and maintained at the same level.

