Sunday, March 23, 2008

Arthur C. Clarke dies, and gets hacked!

Can't you see the pattern emerging??

Seriously though, (careful) has had an iframe injected into it, and it's reaching out to another seemingly hacked site ( - careful), and launching an encrypted JavaScript that turns out to be a simple and venerable MS06-014 exploit.

It's not an exploit pack, just a single exploit, and it's tracking IPs, so it'll only be served once per IP address, but it's there.

And the exploit is only an MS06-014, but the point is that if the website is vulnerable enough to have a mouldy old exploit injected, it could have something much newer and fiercer. needs to fix their website, and we've sent them an email about it. Hopefully they will, because they get an awful lot of visitors each month.





At 10:40 AM, Anonymous said...

Nice description of the exploit. Can you talk about how the JavaScript payload in the response gets decrypted? Also, how did the hacker inject the iframe to begin with? Thanks!

