February 9th, 2007, 09:07 PM
American Football !!
Websense Labs has reported that "the official website of Dolphin Stadium has been compromised with malicious code." As of now (~1820 GMT 02-FEB-2007) the site still has the injected redirect, but the site hosting the malicious code is not responding. The malicious script is reported to exploit vulnerabilities described in Microsoft Security Bulletins MS06-014 and MS07-004.
Bleedingthreats.net has a signature available: http://www.bleedingthreats.net/cgi-b...own_Downloader
The first reported site has been repaired (for now?)
Other sites have been identified using some googledorking and are in the process of being informed.
McAfee has released updated signatures to detect Backdoor-DKT: vil.nai.com/vil/content/v_141405.htm#tab7
Other AV vendors should have specific signatures by now as well.
A similar (identical?) exploit is served by the following domains. At this point, the best defense (after patching) is to block these domains and monitor DNS requests for them. Infected machines will try to call home to them.
w1c.cn, dv521.com, bc0.cn, 137wg.com, newasp.com.cn
dv521.com was the domain used in the dolphinstadium.com defacement. Thanks to the cooperation from Xin-Net, the domain is no longer resolving. But there is always a chance that it will come back.
If your website is defaced by this group: Please contact us and preserve logs.
Updating our earlier update :-), the 3.js off the Natmags site downloads an ad.htm file which is clearly an exploit, as can be shown with a little PERL-fu to make it readable: cat ad.htm | perl -pe 's/(.)/chr(ord($1)&127)/ge'
The corresponding www.exe is no longer available on the server though (or doesn't download).
KEEP THE GAME GOING !!!!!
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
By .:front2back:. in forum Tech Humor
Last Post: July 4th, 2006, 09:43 AM
By debwalin in forum Tech Humor
Last Post: November 16th, 2004, 04:31 PM
By geepod in forum AntiOnline's General Chit Chat
Last Post: June 21st, 2003, 11:07 AM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 08:38 AM
By bimmer in forum AntiOnline's General Chit Chat
Last Post: March 4th, 2002, 03:50 PM