Websense® Security Labs(TM) has
received reports of new malicious Web sites designed to install Trojan
horse and password-stealing malicious code. The Web sites are hosted in
China and attempt to exploit several Microsoft® vulnerabilities to
download and install a Trojan downloader without end-user interaction.
Among the sites is a popular Chinese book store hosted on Myrice. All sites appear to have been compromised.
There are three IFRAMEs that are loaded:
Upon visiting the sites, users who are
not patched for the vulnerabilities from Microsoft will have exploit
code run on their machine without user interaction. The file is loaded
from http://<removed>.com/author3/70/OpenIe.Exe and is designed to capture keystrokes in order to steal information from the user.