onlyhomeclips had an Alexa ranking of 83,635 when this article was written. Its users are mainly from India.
Figure 1: Users statistics

Figure 2: livelnternet.net

Figure 3: freebsdadministrator.info
The exploit site contains malicious code that examines the applications installed on the user's system, such as the PDF plugin, Flash plugin, Excel, Word and others. In this case, it detects QuickTime RTSP (CVE-2007-0015) and SuperBuddy LinkSBIcons (CVE-2006-5820). At the end, it downloads malware to the system; the malware has a low detection rate (5/40) according to VirusTotal.
The exploit site uses complex obfuscated code to make analysis harder for the analyst. The attacker uses DOM (Document Object Model) functions rather than simple JavaScript. DOM functions like document.createElement and setAttribute can easily be found in the exploit site's code. The exploit site is also able to stop an analyst from checking it a second time: it returns nothing when inspected through Wireshark.
Make sure you update the applications on your systems to the latest version, and never give an attacker the chance to install malware on your systems.
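The DOM-based construction described above can be triaged statically before a script is ever run. The following is an added example, not code from the analysed site: the `triageScript` function, the `ACTIVE_TAGS` list and the sample script are assumptions made for illustration.

```javascript
// Added example: static triage of a script for DOM-built elements.
// ACTIVE_TAGS and SAMPLE are assumptions, not taken from the analysed site.
const ACTIVE_TAGS = new Set(["object", "embed", "iframe", "script", "applet"]);

function triageScript(source) {
  const report = { created: [], attributes: [], computedArgs: 0, flags: [] };
  // createElement(...) calls: capture the raw first argument.
  const createRe = /\.createElement\s*\(\s*([^)]*?)\s*\)/g;
  // setAttribute(name, ...) calls: capture the raw first argument.
  const setAttrRe = /\.setAttribute\s*\(\s*([^,)]*?)\s*,/g;
  // A plain quoted name such as "iframe" or 'src'.
  const literal = /^(["'])([A-Za-z][\w:-]*)\1$/;

  for (const [re, bucket] of [[createRe, report.created], [setAttrRe, report.attributes]]) {
    for (const m of source.matchAll(re)) {
      const lit = literal.exec(m[1]);
      if (lit) bucket.push(lit[2].toLowerCase());
      else report.computedArgs += 1; // name is built at run time, e.g. by concatenation
    }
  }
  const active = report.created.filter((t) => ACTIVE_TAGS.has(t));
  if (active.length) report.flags.push("creates active element: " + [...new Set(active)].join(","));
  if (report.computedArgs) report.flags.push("element/attribute names computed at run time");
  if (!/document\.write/.test(source) && report.created.length)
    report.flags.push("no document.write, markup built only through DOM calls");
  return report;
}

// Constructed sample: harmless, it only mirrors the call pattern.
const SAMPLE = `
var a = "ob", b = "ject";
var el = document.createElement(a + b);
el.setAttribute("id", "probe");
el.setAttribute("wid" + "th", "0");
var f = document.createElement("iframe");
f.setAttribute("src", "about:blank");
document.body.appendChild(f);
`;

console.log(triageScript(SAMPLE));
```

Names that are assembled at run time are counted rather than resolved, so a high `computedArgs` value is a cue to deobfuscate the script in an isolated environment.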