PDA

View Full Version : Trojan Alert



aaaantoine
September 29th, 2008, 06:38 PM
I know this doesn't necessarily affect anyone here, but I figure someone here might be able to...

A. pass this info on to the appropriate authorities. and
B. Grab the script code to see exactly what this does.

Much appreciated.

I should clarify. The site employs a JavaScript exploit of some sort. Be sure you have NoScript installed (or javascript disabled in general) before visiting.

This is a malicious site, so please tread carefully.
link snipped

steveneddy
September 29th, 2008, 06:46 PM
How did you find out about this?

LaRoza
September 29th, 2008, 06:48 PM
I snipped the link.

A quick glance at the code shows it is trying to hide what it does.

The main thing is that is tries to use inline frames to get content onto the page, specifically, a flash object of some sort.

aaaantoine
September 29th, 2008, 06:52 PM
How did you find out about this?

It was injected into a website I visit. The people there are already aware of the issue.

aaaantoine
September 29th, 2008, 06:54 PM
I snipped the link.

A quick glance at the code shows it is trying to hide what it does.

The main thing is that is tries to use inline frames to get content onto the page, specifically, a flash object of some sort.

Should I report this to Adobe then?

LaRoza
September 29th, 2008, 07:00 PM
Should I report this to Adobe then?

No. I can't tell what the flash object does. It *probably* makes use of the design/lack of design of IE.

I had no effect from it and couldn't tell what the flash object was, only that it existing (referenced in the code, I opened the frames using the URI's from the scripts).

fatality_uk
September 29th, 2008, 08:03 PM
Can't see the code but i am guessing it's the current re-working of the exploit first found in march and posted recently on /.

http://it.slashdot.org/article.pl?sid=08/09/25/1955228&from=rss

and

http://blogs.zdnet.com/security/?p=1972

ClickJacking, as it's known, is a bad exploit.

http://www.webadminblog.com/index.php/2008/09/24/new-0day-browser-exploit-clickjacking-owasp-appsec-nyc-2008/

From what I understand, Adobe, et al, tried to keep a lid on it. But the fact is that it's out there in the real world.

http://ha.ckers.org/blog/20080915/clickjacking/

john_spiral
October 1st, 2008, 10:38 PM
What is the level of severity for this threat?

From the name I guess you could land up messing up your wine installation with a link you never intended clicking on?