Aug17
12:13 pm (UTC-7)   |   by Jasper Pimentel (Advanced Threats Researcher)

We’ve just received reports that the website of DaHua High School (hxxp://www.thsh.tyc.edu.tw/), a private high school in Taiwan, has been compromised.
It seems that an errant IFRAME tag has made its way into the website’s initial page (default.asp) and eventually loads a malicious web page (hxxp://www.832821.cn/rrr.htm) that is completely unaffiliated with the high school.

dahua.jpg

The malicious web page that is loaded by the IFRAME downloads several files, namely a bitmap file, a couple of javascript files and a pair of HTML files. The bitmap is actually an ANICMOO exploit, which is detected by Trend as EXPL_ANICMOO.GEN. These files in turn download a malicious executable file, SYSDOWN.EXE, which is detected by Trend as TSPY_DELF.GMN. Because of the malicious content being downloaded, even Google has already issued a warning for this website.

dahuagoogle.jpg
Credits go to Nick Lee (China Regional TrendLabs) for informing us of the incident.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Friday, August 17th, 2007 at 12:13 pm and is filed under Security . Responses are closed, but you can trackback from your own site.



Comments are closed.


Yet another Japanese zero-day Trojan discovered
Rogue Domain Name System Servers [reposted]


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice