Old 10-27-2009, 12:17 AM
Michael
Administrator
Join Date: May 2007
Posts: 313
Ambassadors for education's site compromised

globalfundforeducation.org has been compromised.

amb

Obfuscated JavaScript:

amb2

A little bit of fiddling around with the JS code allows us to display what it actually does:

code

An iframe:

amb4

Which is also referenced in the main code:

amb3

The final payload seemed to come from soft-siski.com in the form of several executables.

Jerome Segura

Warning: all links contained in this post may infect your computer!