Web2Secure: Web Security Blog

We are non-funded group of security enthusiast who contributes and updates to community with latest security treats. Use and handle whatever links shared within website could be harmful to your systems with own risks. Feel free to use the contents for commercial or non-commercial purposes. We're very appreciating if using our useful information’s to your website by referring back to this original website. Donation or clicking on ads is most welcome to continue maintains costs for this website.

Thursday, August 6, 2009

Malicious #2 ** 6-Aug, webalfa.cn

webalfa.cn ( 210.51.51.176 -Blacklisted)

Others domain share same IP address

mail.webalfa.cn

ns1.webalfa.cn

security-access-control.cn

street-info.com

webalfa.cn

Level 0:http://webalfa.cn/pab/index.php

Level 1:http://webalfa.cn/pab/load.php (Trojan Virustotal 30/41, Anubis Report)

Level 1:http://webalfa.cn/pab/include/iframe.html

Level 1:http://webalfa.cn/pab/include/spl.php?stat=Windows XP|Internet Explorer 7.0|U (PDF exploit Virustotal 13/41)

"index.php" contain malicious codes that exploit

-Office Snapshot Viewer CVE-2008-2463

-MDAC CVE-2006-0003

"iframe.html" actually contain code that exploit "MS Internet Explorer XML Parsing Buffer Overflow Exploit" according http://www.milw0rm.com/exploits/7477

--X0end

Web2Secure: Web Security Blog

Pages

Thursday, August 6, 2009

Malicious #2 ** 6-Aug, webalfa.cn

0 comments: