Home mortgage site gets owned and pwned
It’s late at the office, but I’m still here finding some bad stuff. The wife is out for dinner with a friend, and I get bored at home.
Anyway, our HoneyPots just picked up this drive-by from homemortgagenetwork.com
This is what the site looked like before it was owned:
This is what it looks like now:
Yes, a lot of blank space too!
But the interesting part can be found in its source code:
It pushes a PDF exploit and the final download comes from:
mefa.ws/1/cjms1.exe
The file is, shall we say, poorly detected right now:
Warning, these links are live and may infect your PC!
Jerome Segura
Malware ID: 048346308777edf94dd4788dac20be54.zip