With the recent IFRAME injection attack targeting ZDNet Asia, by
abusing the site's search engine caching capabilities in a combination
with the lack of input sanitization, several more CNET Networks' web
properties besides ZDNet Asia, namely, TV.com, News.com and
MySimon.com are currently getting targeted using the same technique to
inject the IFRAMEs and have the sites cache and locally host the
results. The following assessement outlines the IPs and domains used
in the IFRAMEs, the domains and IPs hosting the rogue anti-virus and
anti-spyware applications, as well as the detection rates of the


Dancho Danchev
Cyber Threats Analyst/Blogger

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to