Mar 30

By Chun How
Add comments
Uncategorized

Forumer manutdotcom tipped us off earlier today on a malicious piece of code present on the GSC online website. We did some checking ourselves on his story, and true enough, there is a piece of suspicious code being called from within the main frame of the site.

 

According to manutdotcom on his blog entry, the malicious piece of code is identical to the 2117966.net mass ASP/SQL injection script that was responsible for compromising over 10,000 sites earlier last week.

 

Since the script is being called directly via a javascript call (read if you open the page, and don’t have a proper antivirus installed, you’re doomed), the site is now considered high risk – until the malicious code is removed.

 

According to the SANS advisory, the exploit code has the ability to install a malicious password stealing program on unpatched browsers via an Active X exploit. So, if you did accidentally visit the GSC online page (link not provided for obvious reasons), you might want to have your system scanned and your antivirus updated.

This entry was posted on Sunday, March 30th, 2008 at 11:52 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.