Sophos

16 October 2007 08:49 GMT

Things are looking quite iffy for a large number of sites

SophosLabs are in the process of contacting one of the people hit by this latest burst of Troj/Iffy-B infections.

The reason that this one caught my eye was that on the same site was a copy of Exp/QTP-A.

First, let us look at the Troj/Iffy-B infections!


As for previous flowcharts describing web attacks that we’ve included in this blog:

Ultimately, Troj/Iffy-B will attempt to download a Trojan, proactively detected as Mal/Behav-066, via Iframes and exploits.

This brings me back to the occurrence of Exp/QTP-A on the initial hacked website. For many years now, the importance of keeping desktops up to date with the latest patches has been highlighted, but these regular infections of webservers show that it is just as important to ensure that all machines, including webservers, are monitored and maintained at the same level.

Pob, SophosLabs, UK