Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Mass Web Infections SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mass Web Infections

One of our readers, Peter, asked us to post a Register article for comments.

http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/

It would appear that two different web infections are moving around the Internet.   One is about 15% of ScanSafe's traffic, the other only 1%.  The 15% represents e-commerce websites hosting the infections and passing them on to visitors.

The 1% traffic is significantly more interesting as it appears to be intelligent enough to produce a randomly generated file name each time the person visits the site.  It is this fluxing which is causing so much discomfort with Incident Handlers worldwide.

If you have any info regarding these mass infections.  Please let us know here.

Fair Winds,

Mari Nichols

Mari Nichols

76 Posts
Jan 14th 2008

Sign Up for Free or Log In to start participating in the conversation!