Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    We’ve just received reports that the website of DaHua High School (hxxp://www.thsh.tyc.edu.tw/), a private high school in Taiwan, has been compromised.
    It seems that an errant IFRAME tag has made its way into the website’s initial page (default.asp) and eventually loads a malicious web page (hxxp://www.832821.cn/rrr.htm) that is completely unaffiliated with the high school.

    dahua.jpg

    The malicious web page that is loaded by the IFRAME downloads several files, namely a bitmap file, a couple of javascript files and a pair of HTML files. The bitmap is actually an ANICMOO exploit, which is detected by Trend as EXPL_ANICMOO.GEN. These files in turn download a malicious executable file, SYSDOWN.EXE, which is detected by Trend as TSPY_DELF.GMN. Because of the malicious content being downloaded, even Google has already issued a warning for this website.
    dahuagoogle.jpg Credits go to Nick Lee (China Regional TrendLabs) for informing us of the incident.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice