Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Fraudware via SQL injection?

October 19th 2008 in Uncategorized

Nope, no surprise there.

Cite: http://blogs.technet.com/mmpc/archive/2008/10/17/sql-injection-new-approach-for-win32-fakexpa.aspx

Check out the exploits being used:

* MDAC remote code execution (MS06-014)
* ShockwaveFlash.ShockwaveFlash.9 exploit
* WebViewFolderIcon setSlice() exploit (MS06-057)
* Msdds.dll exploit (MS05-052)
* Microsoft Works exploit (MS08-052)
* Creative Software AutoUpdate Engine exploit
* Online Media Technologies NCTsoft NCTAudioFile2 ActiveX buffer overflow
* Ourgame GLWorld GLIEDown2.dll exploit
* DirectAnimation.PathControl buffer overflow (MS06-067) 


As for the comment by the blog author, Yuhui Huang, that “when [he] tried the same exploit destination, it had already stopped serving malicious content. When [he] launched the first stage downloader, the control server stopped giving instructions to download the second stage installer. Strange…”, some things come to mind.

* IP blocking (fraudware/malware sites have been known to allow malicious behavior only once per IP address)

* blocking via cookies

* other content caching
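
An analyst who hits the same dead end can check proxy logs to see whether a landing page is gated per visitor. The Python sketch below is an added example, not from the original post or the cited MMPC write-up; the log fields, hostnames and body hashes are constructed, and records are assumed to be in chronological order.

```python
from collections import defaultdict

# Constructed sample records (not real data), oldest first:
# (client_ip, request_carried_cookie, url, short hash of response body)
SAMPLE_LOG = [
    ("198.51.100.7", False, "http://landing.example/in.php", "a1f3"),
    ("198.51.100.7", True,  "http://landing.example/in.php", "0000"),
    ("198.51.100.7", False, "http://landing.example/in.php", "0000"),  # cookies cleared
    ("203.0.113.20", False, "http://landing.example/in.php", "a1f3"),
    ("203.0.113.20", True,  "http://landing.example/in.php", "0000"),
    ("203.0.113.20", False, "http://static.example/logo.gif", "77aa"),
    ("203.0.113.20", False, "http://static.example/logo.gif", "77aa"),
    ("192.0.2.5",    False, "http://news.example/", "b2c4"),
    ("192.0.2.5",    False, "http://news.example/", "c3d5"),  # ordinary dynamic page
]


def find_serve_once(records, min_clients=2):
    """Return {url: gating_guess} for URLs whose first response to a client
    differs from every later response to that same client."""
    visits = defaultdict(lambda: defaultdict(list))  # url -> ip -> [(cookie, hash)]
    for ip, cookie, url, body_hash in records:
        visits[url][ip].append((cookie, body_hash))

    findings = {}
    for url, by_ip in visits.items():
        gated_clients = 0
        cookieless_repeat_blocked = False
        for seq in by_ip.values():
            first_hash, repeats = seq[0][1], seq[1:]
            if repeats and all(h != first_hash for _, h in repeats):
                gated_clients += 1
                # A repeat sent without a cookie that still got the changed
                # body means the cookie alone cannot explain the gating.
                if any(not cookie for cookie, _ in repeats):
                    cookieless_repeat_blocked = True
        # Require several clients so one dynamic page does not trigger a hit.
        if gated_clients >= min_clients:
            findings[url] = "ip" if cookieless_repeat_blocked else "cookie-or-ip"
    return findings


if __name__ == "__main__":
    for url, guess in find_serve_once(SAMPLE_LOG).items():
        print(f"{url}: serve-once pattern, likely keyed on {guess}")
```

A hit tells the analyst to re-fetch the URL from a fresh IP address with an empty cookie jar before concluding the site has gone clean.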
