
SANS ISC: Lamiabiocasa - SANS Internet Storm Center SANS ISC InfoSec Forums


Lamiabiocasa

Earlier today, ISC reader Travis noticed that his proxy server was blocking some images from BusinessWeek Business Exchange (bx.businessweek.com). On closer inspection of the blocked content, he found that some files indeed had peculiar contents:

 
A company from Italy that sells log cabins probably cannot afford to advertise its services on Businessweek...
 
The "lamiabiocasa" site is currently not returning any malware (at least not when we tried to investigate). A Google search for the same URL reveals, though, that plenty of other sites are similarly affected, so this IFRAME is obviously part of an injection attack that must have been going on for a while.
 
On Businessweek, it is their 404 Error page that currently seems to be affected. It returns an "Under Construction" message that includes the nasty iframe. According to passive DNS, there are currently more than 10'000 DNS domain names pointing to the one IP address that is also used by Lamiabiocasa (195.110.124.133). Chances are this ain't good...
 
 
Daniel

ISC Handler
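
A defender-side check for the pattern described in the diary above, as an added example that is not part of the original diary or any ISC tooling: it flags proxied responses where an image URL is answered with HTML, and where that HTML carries an iframe pointing off-site. The hosts `bx.example.com` and `injected.example`, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

IMAGE_EXTS = (".gif", ".jpg", ".jpeg", ".png")


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def site(host):
    # Crude registrable-domain guess (last two labels). This is an assumption
    # that breaks on suffixes like co.uk, where a public-suffix list is needed.
    return ".".join(host.lower().split(".")[-2:])


def audit(url, status, content_type, body):
    """Return a list of findings for one proxied response."""
    findings = []
    page = urlsplit(url)
    is_html = content_type.split(";")[0].strip().lower() == "text/html"
    # An error page served in place of an image is how the diary's case surfaced.
    if page.path.lower().endswith(IMAGE_EXTS) and is_html:
        findings.append(f"image URL answered with HTML (status {status})")
    if is_html:
        parser = IframeCollector()
        parser.feed(body)
        for src in parser.sources:
            host = urlsplit(src).hostname  # None for relative URLs
            if host and site(host) != site(page.hostname):
                findings.append(f"off-site iframe: {host}")
    return findings


# Constructed sample: an "Under Construction" error page with an injected iframe.
SAMPLE_404 = """<html><body><h1>Under Construction</h1>
<iframe src="http://injected.example/index.php"></iframe>
</body></html>"""
```

Feeding it the URL, status, Content-Type and body from proxy or crawler output gives one finding per anomaly; an empty list means neither condition matched.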
Also hosts opus.register.it which has pretty bad rankings/comments on WOT: https://www.mywot.com/en/scorecard/opus.register.it
Anonymous
