6/30/2008 5:17:00 PM

Hundreds of hacked websites recruited to serve a new variant of the Gozi Trojan

by Oren Medini

eSafe CSRT has recently discovered a massive new Web attack in which a malicious iframe pointing to a remote exploit is planted on compromised legitimate websites. The iframe points to an Mpack exploit kit, detected by eSafe as JS.Agent.hdd, hosted on a Chinese server. The exploit kit in turn downloads a new, improved version of the Russian Trojan horse known as the Gozi Trojan, which eSafe detects as Win32.Agent.gjs.

The Gozi Trojan is designed to steal sensitive information and send it to a predefined address. This new version of the Gozi Trojan transfers the stolen data to an IP address located in Malaysia.

The following TCP Stream shows the Gozi Trojan in action:

 

More than 600 legitimate websites have fallen victim to this attack. The list includes a popular pro-Israel website and a private banking service website located in the Cayman Islands. Visiting the bank’s main page or any of the other compromised websites triggers the exploit and results in the Gozi Trojan being downloaded onto the victim’s system.

 

 
