And one has to wonder what exactly it means, if anything, that some of the exploits involved are dropping malware that installs and manipulates your web browsing experience to be geared towards Sogou.com, a distasteful Google knock-off in China. More than that, though, they even install Sogou Explorer, which appears to be a Google Chrome-like, but yet again clunky, knock-off.

So is it attackers that just happen to really love Sogou and want to share it with the world? Criminals doing it to make money off of Sogou browser install referral programs? (If they have such a thing.) A Chinese company looking to expand its market share through hacking? And if so, is there government support for such a program? And if so again, then how does Baidu feel about that? Or something else entirely, making this a completely moot point to begin with? Inquiring minds want to know...

It is funny to me, the hax0r cool biological warfare (since people love to compare the two, bleh) aspect of these attacks originating, supposedly, from a country whose population is more susceptible to compromise than that of the target. That is, of course, at least more easily susceptible given the prevalence and reliability of IE 6 exploits vs. other IE versions, with China having an estimated 60% [1] of browsers on IE6 vs. 12% in the U.S. Not to imply further as to a country being the culprit. In that vein, though, you do have to find the irony that, unlike physical warfare, where a dropped bomb is a dead bomb, here in cyberspace you can drop a bomb that can then be tossed back at you more effectively than your original.

Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.FireEye.com

[1] - http://gs.statcounter.com/#browser_version-CN-daily-20080701-20100119-bar

On Fri, Jan 22, 2010 at 2:41 PM, exploit dev <extraexpl...@gmail.com> wrote:
> Hi to all,
>
> I have just updated the list of URLs that are spreading stuff through
> cve-2010-0249. If you are interested, check:
>
> http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html
>
> --
> http://extraexploit.blogspot.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/