Friday, December 21, 2007

Websense: ARP Spoofing HTTP Infection Malware


Via The Websense Security Labs Blog.

This year, we've seen many ARP spoofing viruses, also known as ARP cache-poisoning viruses. This type of malware comes in many variants and is widely spread in China. Recently, we uncovered an ARP spoofing virus that exhibits several new features.

The new ARP spoofing virus inserts a malicious URL into the session of an HTTP response, thus including significant malicious content, and then exploits Internet Explorer. At the same time, the virus makes a poisoned host act as an HTTP proxy server. When any machine in the same subnet with the poisoned machine accesses the Internet, the traffic goes through the poisoned machine.

More here.

Image source: Websense

posted by Fergie @ 12/21/2007 01:05:00 PM

0 Comments:

Post a Comment

<< Home