The Latest in IT Security

Hackers steal site content, infect people

08
Jun
2011

I was about to contact the owners of ‘water for people’ but something stopped me in my tracks:

The site I was looking at (c0re.us) was spoofing content from www.waterforpeople.org

With the one difference that hackers included a drive-by download:

Among other things, this code snippet triggers a Java drive-by (coldhardcash4us.com/images/modules/helpers/JavaSignedApplet.jar):

The ultimate payload comes from a file hosted on that server called bot.exe:

Both malicious domains are hosted on the same server (79.142.67.113) and ASN (51430) belonging to ALTUSHOST.

Altushost is a crime-friendly hosting provider located in Belize.

Jerome Segura

Related posts:
  1. Hackers steal, publish Fox employee passwords
  2. Internet Explorer Bug Allows Hackers to Steal Facebook Credentials
  3. Hackers steal Fox TV passwords, deface Twitter and LinkedIn pages
  4. Codemasters warns customers after hackers steal data
  5. ‘Foreign government’ hackers steal secret Pentagon plans

Tags:  
Written by Malware Diaries
0 Comments

Leave a reply


Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments