Monday, April 09, 2007

Websense: A Tale of Two ANI Attacks

Via The Websense Security Labs Blog.

By now most of you are familiar with the ANI zero-day attacks that have been happening over the last week. See bottom of this blog entry for URL details and background on ANI.

The state as of now is that there are more than 2000 unique sites that are hosting exploit code and/or are compromised and are pointing to machines that host exploit code.

There are two main attacks that comprise the majority of these sites. The first set, we believe, is one of the first groups to start using the zero-day exploits in the wild. These are attacks that started in the China region and appear to be created by groups within the Asia Pacific Region. The attackers have compromised hundreds of machines and placed IFRAMEs back to the main servers that host the exploit code. In most cases the payload and motivation of these attacks is to gather credentials for online games such as Lineage. Lineage is a very popular online game in Asia.

More here.
