Ambassadors for education’s site compromised

October 26th, 2009

globalfundforeducation.org has been compromised.

Obfuscated JavaScript:

A little bit of fiddling around with the JS code allows us to display what it actually does:

An iframe:

amb4

Which is also referenced in the main code:

The final payload seemed to come from soft-siski.com in the form of several executables.

Jerome Segura

Warning: all links contained in this post may infect your computer!

This entry was posted on Monday, October 26th, 2009 at 3:17 pm and is filed under Exploits. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments:

(0) comments
|
Add your comments