Hacking the Web: Hijacking search results

Jack

In this post, the first of a new series of posts in which I plan to expose some of the more interesting web attacks we encounter, I will describe some recent attacks that we have been following in which the victim's browser is 0wned, and their search results hijacked.

Attack overview

Infection triggers:
    Browsing compromised sites
    Search engine optimisation (SEO)
Exploits:
    CVE-2010-0840 (Java)
    CVE-2010-0806 (uninitialized memory corruption vulnerability in IE)
    CVE-2010-0886 (Java)
    CVE-2010-1885 (Windows Help Center URL validation vulnerability)
Payload: Install rogue Firefox extension, to display popups and hijack search results
Threat names: Mal/Iframe-Gen, Mal/JavaDldr-B, Exp/CVE10-0840, Troj/ExpJS-BM, Mal/HcpExpl-A
