Even Incident Response Teams are not Safe

Written by Editor
Wednesday, 03 October 2007 13:14

It seems that the Chinese Internet Security Response Team (C.I.S.R.T) has been a target for attack. In a post to the English-language site they confirm that there has been a problem: some users of the C.I.S.R.T site have been served an altered web page that includes a malicious IFRAME tag directing visitors to a download location for malware.

They believe that the attack has not resulted in the compromise of their web server, but is a targeted ARP spoofing attack from a machine that has been compromised on the network of their web hosting provider. It is understood that the attack makes use of an exploit for the BaoFeng Storm MPS ActiveX control. If successful, the user then downloads a selection of malware nasties which are then used to compromise the machine further. It seems that the AV companies already have some of the downloaded nasties tagged by their scanners, with Kaspersky listing the initial downloader component as 'Trojan-Downloader.Win32.Baser.w'.

This incident is not the first attack of this nature. ARP spoofing attacks seem to be something that the malware writers are attempting as a great way to get malicious HTML into user web pages without compromising lots of web hosts: they attack a single host on the network and have that machine perform a man-in-the-middle attack on the users of that network. What is interesting about this attack is that it was attempted on a web hosting network, and thus the attacker was able to compromise the web sessions of any user visiting the targeted web site.

Is this a sign of things to come? Well, this is the second incident of this style of attack that has been made public this year, so it is probably something that we will see increasingly.
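
A defender-side check for the ARP spoofing described above, as an added example that is not part of the original article: it parses Linux `ip neigh show` output on a hosted server and flags a gateway whose MAC differs from a pinned value, or one MAC answering for several IPs. The gateway address, the pinned MAC and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output from a hosted web server.
# 192.0.2.1 is the assumed default gateway; every address here is illustrative.
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:16:3e:aa:bb:cc REACHABLE
192.0.2.57 dev eth0 lladdr 00:16:3e:aa:bb:cc STALE
192.0.2.80 dev eth0 lladdr 00:16:3e:11:22:33 REACHABLE
192.0.2.99 dev eth0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")


def parse_neigh(text):
    """Return {ip: mac} for entries that carry a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # unresolved entries (FAILED/INCOMPLETE) have no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table


def find_arp_anomalies(text, gateway_ip, pinned_gateway_mac):
    """Flag two signs of ARP cache poisoning in a neighbour table."""
    table = parse_neigh(text)
    alerts = []
    # 1. The gateway IP resolves to a MAC other than the one recorded as known-good.
    seen = table.get(gateway_ip)
    if seen is not None and seen != pinned_gateway_mac.lower():
        alerts.append(("gateway_mac_mismatch", gateway_ip, seen))
    # 2. A single MAC answers for more than one IP address.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(("mac_claims_multiple_ips", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_NEIGH, "192.0.2.1", "00:16:3e:00:00:01"):
        print(alert)
```

A MAC that legitimately holds several addresses (a router or a host with IP aliases) also triggers the second check, so known cases need an allowlist.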

Last Updated (Wednesday, 03 October 2007 13:15)