Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Mass File Injection Attack - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mass File Injection Attack

We received a report from Mike this afternoon about a couple of URLs containing a malicious JavaScript that pulls down a file associated with Zlob.  If you do a google search for these two URLs, you get about 400,000 sites that have a call to this Javascript file included in them now.  The major portion of the sites seem to be running phpBB forum software.

If you have a proxy server that logs outbound web traffic at your site, you might want to look for connection attempts to these two sites.  Internal clients that have connected may need some cleanup work.  Another preventive step would be to blocklist these two URLs.



78 Posts
May 11th 2008

Sign Up for Free or Log In to start participating in the conversation!