Sunday, April 08, 2007

ANI - Sunday morning - Phax Phishing continues

Hi folks,


We've now received some more reports of Phax Phishing (that's where they send you a fax and try to convince you to visit an exploitive URL on your PC), and while we find it highly amusing, I guess it must work at least a bit or the Bad Guys wouldn't keep doing it. What this means is ... watch out for faxes. :-)


ANI-serving websites continue to pop up all over, but the Chinese websites deserve a special mention because of the convoluted nature of the hacks. When we find hacked websites, it's quite common to find they've been hacked multiple times, usually by different gangs, but sometimes multiple times by the same gang (which is also amusing, as well as instructive, because it proves that the hacks are automated ... human beings are not doing it by hand), but the hacked Chinese websites are _impressively_ cross-hacked.

They're all using the same exploit combination... MS06-014 (modified to infect up to and including an August 2006 patch), MS07-004, and the ANI exploit... so the cross-hacks don't raise the danger much as far as regular web surfers are concerned, but they do make it difficult for researchers to categorize and understand. We can typically figure out who we're dealing with by examining which exploit combinations are being used, together with how they're encrypted, together with the payload, but the cross-hacks, with their sheer volumes, make it really tough going, albeit _very_ interesting.

Cheers

Roger
