Security Response

The Stars See Malicious Code in Your Future

Created: 24 Mar 2008 07:00:00 GMT • Updated: 23 Jan 2014 18:41:40 GMT
Hannah Chen

Recently, we observed some suspicious activity on the Chinese Yahoo astrology site, http://astrology.cn.yahoo.com. On investigation, we found that the site contained an iframe pointing to the domain luckty.com, an astrology-based match-finding company. The luckty.com page in turn contained an embedded iframe that pointed to a malicious site exploiting the Real Player ierpplug.dll ActiveX Control Buffer Overflow Vulnerability and the MSIE ADODB.Stream Object File Installation Weakness to download malicious code onto the visitor's machine. The Yahoo page itself hosted no exploit code; a visitor's browser reached the exploit page only through the two nested iframes.
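The nested-iframe chain described above can be traced mechanically. The script below is an added example, not Symantec's or Yahoo's code: it follows iframe chains from a start URL, marks each hop as third-party or hidden, and flags pages that instantiate watch-listed ActiveX controls. The three page bodies, the exploit.example host and the FAKE_PAGES fetch map are constructed stand-ins so that it runs offline; ADODB.Stream is the ProgID named in this post, while IERPCtl.IERPCtl is assumed here to be the ProgID of the RealPlayer ierpplug.dll control and should be checked against real samples.

```python
"""Follow an iframe chain through HTML pages and flag exploit indicators.

Added example, not code from the original post. The page bodies in
FAKE_PAGES are constructed stand-ins for the pages the post describes;
FAKE_PAGES.get replaces a live HTTP fetch so the script runs offline.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages (assumption: layout only, not the real content).
FAKE_PAGES = {
    "http://astrology.cn.yahoo.com/": """
        <html><body><h1>Daily horoscope</h1>
        <iframe src="http://luckty.com/match.html" width="300" height="200"></iframe>
        </body></html>""",
    "http://luckty.com/match.html": """
        <html><body><p>Find your match</p>
        <iframe src="http://exploit.example/index.htm" width="0" height="0"
                style="display:none"></iframe>
        </body></html>""",
    "http://exploit.example/index.htm": """
        <html><body><script>
        var rp = new ActiveXObject("IERPCtl.IERPCtl");
        var st = new ActiveXObject("ADODB.Stream");
        </script></body></html>""",
}

# ProgIDs worth flagging. ADODB.Stream is named in the post; IERPCtl.IERPCtl is
# assumed to be the ProgID of the RealPlayer ierpplug.dll control.
WATCHLIST = {"adodb.stream", "ierpctl.ierpctl"}

# Matches new ActiveXObject("ProgID") in inline script.
ACTIVEX_RE = re.compile(r'ActiveXObject\s*\(\s*["\']([^"\']+)["\']', re.I)


class IframeCollector(HTMLParser):
    """Collect iframe targets (with a hidden-frame heuristic) and <object> CLSIDs."""

    def __init__(self):
        super().__init__()
        self.iframes = []   # (src, hidden)
        self.classids = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            self.iframes.append((a["src"], hidden))
        elif tag == "object" and a.get("classid"):
            self.classids.append(a["classid"])


def registrable_domain(host):
    # Crude eTLD+1 approximation (last two labels); assumption that suffices
    # for the sample hosts. Real tooling should use the public suffix list.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def analyse_page(body):
    p = IframeCollector()
    p.feed(body)
    return p.iframes, p.classids, ACTIVEX_RE.findall(body)


def follow_chain(start_url, fetch, max_depth=5):
    """Breadth-first walk of the iframe chain; returns one finding per page."""
    findings, seen = [], set()
    queue = [(start_url, None, False, 0)]
    while queue:
        url, parent, hidden, depth = queue.pop(0)
        if url in seen or depth > max_depth:
            continue
        seen.add(url)
        body = fetch(url)
        if body is None:
            findings.append({"url": url, "parent": parent, "depth": depth,
                             "unreachable": True, "flagged": False})
            continue
        iframes, classids, progids = analyse_page(body)
        hits = sorted({p for p in progids if p.lower() in WATCHLIST})
        host = urlparse(url).hostname or ""
        parent_host = urlparse(parent).hostname or "" if parent else ""
        findings.append({
            "url": url, "parent": parent, "depth": depth,
            "third_party": parent is not None
                           and registrable_domain(host) != registrable_domain(parent_host),
            "hidden": hidden, "activex": progids, "classids": classids,
            "watchlist_hits": hits, "flagged": bool(hits),
        })
        for src, h in iframes:
            queue.append((urljoin(url, src), url, h, depth + 1))
    return findings


if __name__ == "__main__":
    for f in follow_chain("http://astrology.cn.yahoo.com/", FAKE_PAGES.get):
        print(f)
```

Swap FAKE_PAGES.get for a real fetcher (for example a function wrapping urllib that returns the body or None) to run it against live pages; the third-party and hidden flags alone are worth reviewing on any page that embeds partner content, because a trusted first-party page can lead to an exploit without ever serving exploit code itself.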

We contacted our friends at Yahoo, who subsequently removed all iframe references pointing to luckty.com. Symantec antivirus products that include Browser Protection, a feature that detects browser-based exploits, automatically blocked access to the site hosting the exploits and so prevented infection. The downloaded malicious code samples are detected as Downloader with definitions version 03/22/2008 revision 2 and later.