For a moment
I thought they had hacked the FourEcks trading site (operated from Didjabringabeeralong no doubt (or was that Bugarup))
A FOREX trading website has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers. The targeted website is a popular FOREX (foreign exchange market) website called "Trading Forex" (tradingforex.com). The website remains contaminated as of Thursday lunchtime …
I don't believe this is related.
To start with, Chinese hackers aren't so clumsy as to ask a potential victim to install a rootkit alongside the required .NET runtime.
More importantly, it is in China's interest to let the liquidity build up on the exchange, rather than scare the users away.
The first time I see "Apache(Win32)" in the webserver's token. The question is how did the website get compromised?
It identifies itself as "Apache/2.2.22 (Win32) PHP/5.4.5". So one would only guess poorly designed PHP scripts, or the good ol' malware friendly Microsoft OS (0-day?), or that the hacker is a part time admin of the said website, or the use of "passw0rd" as the strong admin password. Could it be all four?