Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Searching money, finding exploit

Published: 2005-12-28
Last Updated: 2005-12-28 08:27:43 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)
Every now and then, when using completely benign search terms in Google and others, the results that come out on top range from "not nice" to "outright hostile". We've received a report from a user who was looking for "money", and what he got presented with was a link to hxxp://hyipgoldinvest.com (dont click). The site is booby-trapped with an exploit variant of MS05-054 that is not yet detected by AV.  Conclusion: Careful what you click on. An URL returned by a search engine is not necessarily more trustworthy than one that you receive in a spam message that offers "che ap replcia wathces".
Keywords:
0 comment(s)
Diary Archives