The Latest in IT Security

Hackers steal site content, infect people

08 Jun 2011

I was about to contact the owners of ‘water for people’ but something stopped me in my tracks:

The site I was looking at (c0re.us) was spoofing content from www.waterforpeople.org

The one difference is that the hackers included a drive-by download:

Among other things, this code snippet triggers a Java drive-by (coldhardcash4us.com/images/modules/helpers/JavaSignedApplet.jar):

The ultimate payload comes from a file hosted on that server called bot.exe:

Both malicious domains are hosted on the same server (79.142.67.113) and ASN (51430) belonging to ALTUSHOST.

Altushost is a crime-friendly hosting provider located in Belize.

Jerome Segura
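A defender who has both the legitimate page and a suspected clone can diff the active-content references to surface what was injected. The following is an added example, not code from the original post; the HTML samples, the `clone.example` and `injected.example` hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attributes that can pull in active content (scripts, frames, applets).
ACTIVE_ATTRS = {
    "script": ("src",),
    "iframe": ("src",),
    "embed": ("src",),
    "object": ("data", "codebase"),
    "applet": ("archive", "codebase"),
}

class ActiveRefs(HTMLParser):
    """Collect (tag, reference) pairs for elements that load active content."""
    def __init__(self):
        super().__init__()
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; value may be None.
        for name, value in attrs:
            if value and name in ACTIVE_ATTRS.get(tag, ()):
                self.refs.add((tag, value.strip()))

def active_refs(html):
    parser = ActiveRefs()
    parser.feed(html)
    return parser.refs

def injected_refs(original_html, clone_html, clone_url):
    """Return (tag, absolute_url, host) for references present only in the clone."""
    added = active_refs(clone_html) - active_refs(original_html)
    resolved = ((tag, urljoin(clone_url, ref)) for tag, ref in added)
    return sorted((tag, url, urlparse(url).hostname) for tag, url in resolved)

# Constructed sample pages: the clone is the original plus one hidden applet.
ORIGINAL_HTML = ('<html><head><script src="/js/site.js"></script></head>'
                 '<body><h1>Clean water</h1></body></html>')
CLONE_HTML = ('<html><head><script src="/js/site.js"></script></head>'
              '<body><h1>Clean water</h1>'
              '<APPLET archive="http://injected.example/images/applet.jar" '
              'width="1" height="1"></APPLET></body></html>')

if __name__ == "__main__":
    for tag, url, host in injected_refs(ORIGINAL_HTML, CLONE_HTML, "http://clone.example/"):
        print(f"injected <{tag}> loads {url} (host: {host})")
```

References copied verbatim from the original page cancel out in the set difference, so only elements the clone added are reported; inline scripts without a `src` are outside what this check covers.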
