We've received a couple of reports about e-mails being spammed which contain browser exploits. What's interesting about this is that they are targeting Australia.
All e-mails we've received have the same content, but the URL seems to be moving around. The body is pasted below:

"People starting panic withdrawals, some of the accounts were reported closed due to technical reasons, many ATMs are not operating. Does it seem that one of the Australia's greatest goes bankrupt? The full story could be found here: <URL> Well, hope that isn't true... Anyway You'd rather check your balance..."

The page behind the URL contains obfuscated JavaScript. The JavaScript code checks which browser the user is running and redirects him to the appropriate exploit, served by a CGI script. The JavaScript also detects whether the user is running Service Pack 2, and appends that information as a CGI parameter as well.

The following Internet Explorer vulnerabilities are exploited: MS03-011, MS06-006 and MS06-014.

One Mozilla Firefox vulnerability is exploited as well: MFSA2005-50.

For Firefox users, there is a good add-on for preventing malicious JavaScript, called "NoScript". You can find more information at the following site: https://addons.mozilla.org/firefox/722/
Bojan, ISC Handler, Jun 15th 2006
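The diary notes that the body stays the same while the URL moves, so a mail filter keyed on the body outlives any single URL. The following is an added example, not part of the original diary: it decodes each message, matches the fixed lure phrases, and lists the link hosts for review. The sample messages, host names, function names and the two-phrase threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Fixed phrases from the lure text quoted in the diary (lower-cased).
LURE_PHRASES = (
    "people starting panic withdrawals",
    "many atms are not operating",
    "one of the australia's greatest goes bankrupt",
    "you'd rather check your balance",
)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def body_text(raw):
    """Decode every text/* part (handles quoted-printable and base64)."""
    out = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "latin-1", "replace"))
    return "\n".join(out)

def host_of(url):
    try:
        return urlsplit(url.rstrip(".,)")).hostname
    except ValueError:  # malformed authority, e.g. an unbalanced bracket
        return None

def triage(raw, threshold=2):
    """Return (is_lure, hosts). Matching is on the body, never on the URL."""
    text = body_text(raw)
    flat = re.sub(r"\s+", " ", text).lower().replace("\u2019", "'")
    hits = sum(p in flat for p in LURE_PHRASES)
    hosts = sorted({h for h in map(host_of, URL_RE.findall(text)) if h})
    return hits >= threshold, hosts

# Constructed samples (not real captures); hosts use the reserved .invalid TLD.
HDR = "Subject: news\nContent-Type: text/plain; charset=us-ascii\n"
LURE_QP = (HDR + "Content-Transfer-Encoding: quoted-printable\n\n"
           "People starting panic withdrawals, some of the accounts were reported=\n"
           " closed due to technical reasons, many ATMs are not=\n operating.\n"
           "The full story could be found here: http://host-a.example.invalid/a.html\n")
LURE_MOVED = (HDR + "\nPeople  starting panic\nwithdrawals ... Anyway You'd rather "
              "check your balance... http://host-b.example.invalid/b.html\n")
BENIGN = HDR + "\nYour statement is ready: https://bank.example.invalid/login\n"

if __name__ == "__main__":
    for name, raw in (("qp", LURE_QP), ("moved", LURE_MOVED), ("benign", BENIGN)):
        print(name, triage(raw))
```

The quoted-printable sample splits a phrase across a soft line break, which is why the match runs on the decoded and whitespace-collapsed body rather than on the raw message.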