Malicious Websites: When Greyhats turn to Blackhats

Throughout December, Websense Security Labs reported a number of cases where browser and Operating System vulnerabilities were being used to install Potentially Unwanted Software onto end-users machines without user-intervention. In several cases, dozens of pieces of code were installed, and often report false information in order to entice the end user to clean their machine from spyware.

We are now seeing some of those same entities using their exploit code to install more reprehensible crimeware, such as key loggers and phishing traffic redirectors. This code is designed to steal information in addition to the installation of potentially unwanted software.

Users are typically infected through an IFRAME, loaded silently from a compromised website or an advertisement network pop-up. The exploit code loaded through these IFRAME tags attempts to use several dozen vulnerabilities, including the two recent zero-day vulnerabilities: MS05-054 and MS06-001. Users who are patched against these vulnerabilities are displayed an ActiveX prompt to install the exploit code. WebsenseŽ - Security Labs Alert: When Greyhats turn to Blackhats

Linked by shanmuga Thursday, 12th January 2006 2:50AM