본문 바로가기
모의해킹 (WAPT)

Injection attack in progress

by 날으는물고기 2014. 3. 18.

Injection attack in progress

A couple of injection attacks seem to be in progress, I haven't quite got to the bottom of them yet.. but you might want to block the following domains:

fsv-hoopte-winsen.de
grupocbi.com

These are hosted on 82.165.77.21 and 72.47.228.162 respectively.

The malware is resistant to automated tools and redirects improperly-formed attempt to analyse it to Bing [1][2]. The malware is appended to hacked .js files on target sites and looks similar to this:



This sort of attack has been used to push fake software updates in the past. Even though I can't quite get to the bottom of this at the moment, you can be pretty sure that this is Nothing Good and I would recommend blocking these domains.



출처 : blog.dynamoo.com

728x90

댓글