NaturalBornSkinner: [WSL] Malicious Web Site / Malicious Code: BBS of Sougou Compromised - NaturalBornSkinner


[WSL] Malicious Web Site / Malicious Code: BBS of Sougou Compromised

#1 NewsBot

Posted 01 March 2010 - 07:00 PM

Websense® Security Labs™ ThreatSeeker™ Network has discovered that the BBS of Sougou has been compromised.

Sougou, a popular search engine in China (Alexa rank 2956), is part of Sohu.com Inc.

The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day-old domain at [snip]ow.info. The latter performs some checks before delivering the exploits, in order to subvert any analysis attempts.

At the time of writing this alert, the BBS of Sougou is still injected with the malicious script, but the exploit site is down. This could change at any moment.

This is the injected code in the home page and its contents: 

 

 

Here is the exploit page: 

 

Websense Messaging and Websense Web Security customers are protected against this attack.
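
A check a site owner could run against their own pages for the pattern the alert describes, a script-built IFrame pointing at a recently registered off-site host. This is an added example, not code from the alert or from Websense. The function names, the 30-day age threshold, the caller-supplied registration dates and the `example.*` hosts are all assumptions constructed for illustration.

```python
import re
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script text that builds an iframe, and any absolute URL inside it.
IFRAME_JS = re.compile(r"createElement\(\s*['\"]iframe['\"]|<iframe", re.I)
URL = re.compile(r"https?://[^\s'\"<>\\)]+", re.I)

class Collector(HTMLParser):  # gathers static <iframe src> values and inline <script> bodies
    def __init__(self):
        super().__init__()
        self.iframes, self.scripts, self.in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "iframe" and attrs.get("src"):
            self.iframes.append(attrs["src"])
        elif tag == "script" and not attrs.get("src"):
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def find_offsite_iframes(html, site_domain, registered, today, max_age_days=30):
    """Return off-site iframe targets; 'young' marks recently registered hosts."""
    c = Collector()
    c.feed(html)
    urls = [(u, "static") for u in c.iframes]
    for body in c.scripts:
        if IFRAME_JS.search(body):
            urls += [(u, "script") for u in URL.findall(body)]
    findings = []
    for url, origin in urls:
        host = (urlparse(url).hostname or "").lower()
        if not host or host == site_domain or host.endswith("." + site_domain):
            continue  # relative or same-site target
        # Assumption: the caller supplies registration dates (e.g. from WHOIS).
        age = (today - registered[host]).days if host in registered else None
        findings.append({"host": host, "origin": origin, "age_days": age,
                         "young": age is not None and age <= max_age_days})
    return findings

# Constructed sample page and registration dates (not taken from the alert).
SAMPLE = """<html><body><iframe src="http://ads.example.org/b.html"></iframe>
<script>document.write("<iframe src='http://fresh.example.net/in.php' width=0 height=0></iframe>");</script></body></html>"""
WHOIS = {"ads.example.org": date(2004, 6, 15), "fresh.example.net": date(2010, 2, 24)}
```

Calling `find_offsite_iframes(SAMPLE, "example.com", WHOIS, date(2010, 3, 1))` reports both off-site targets and marks only the script-written one as young.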

