Websense┬« Security Labs(TM) has received reports of new malicious Web sites, designed to install Trojan horse and Password Stealing malicious code. The Web sites are hosted in China and attempt to exploit several Microsoft┬« vulnerabilities to download and install a Trojan downloader without end-user interaction.



Among the sites are a popular Chinese book store hosted on Myrice. All sites appear to have been compromised.



There are three IFRAMEs that are loaded:



http://www.<removed>.com/aafs.asp
http://www.<removed>.com/a/Ms.html
http://www.<removed>.com/a/index.htm



Upon visiting the sites, users who are not patched for the vulnerabilities from Microsoft will have exploit code run on their machine without user-interatcion. The file is loaded from http://<removed>.com/author3/70/OpenIe.Exe  and is designed to capture keystrokes in order to steal information from the user.

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=752