Blog for hpHosts, and whatever else I feel like writing about ....

Friday 10 April 2009

Hosted javascript leading to .cn PDF malware

Unfortunately, such subject lines are all too common. However, let's work through this one together to show an excellent tool, and a common source.

Steve Burn over at it-mate.co.uk submitted an investigation they had been running into a number of sites hosted by a single hosting provider being compromised and leading to malware.

So, let's look at a few examples:

Firstly, just a simple proof that the exploit is still in place, let's look at:

hxxp://www.adammcgrath.ca (216.97.237.30 - Whois : OrgName: Lunar Pages)

If you simply curl, or wget, the home page of this site, you'll get


Read the full article
http://isc2.sans.org/diary.html?storyid=6178
