Microsoft Security Bulletin MS05-002 did not patch all vulnerabilities in animated cursors. More than 2 years later, Microsoft had to patch again.

I saw several animated cursors with shellcode last week; here's an interesting case.

The site was compromised, criminals inserted this iframe in the main page:

An iframe element is like an include statement: the browser will include the source to render the page you're viewing. Notice that the dimensions of the iframe are zero, so it will be invisible.

Inserting an iframe pointing to a malicious website is a method of choice for compromising websites. As of this writing, Reverso has removed the iframe from their website (I did inform them).

Here's the cleaned up page from the malicious website, referenced by the iframe:

The JavaScript in this page will check if you're using Internet Explorer version 6 or 7, and if you are, it will fingerprint your OS. Are you using Windows 2000, XP or 2003? If you're using XP, it will use an animated cursor named pay.mid, and if you're using 2000, it will use another animated cursor named 7517.jpg.

I can see only one reason why the programmer would code this test to send you a cursor, aside from ignorance, and that is to keep a low profile.
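For site owners, the zero-dimension iframe described in this post is something you can scan your own pages for. The following is an added example, not code from the original post: it flags iframes that are invisible (zero width or height, or hidden through an inline style) and load from a host other than your own. The sample page, host names and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline style declarations that make an element invisible.
HIDING_STYLE = re.compile(
    r"(?:^|;)\s*(?:(?:width|height)\s*:\s*0+(?:px|%)?|display\s*:\s*none"
    r"|visibility\s*:\s*hidden)\s*(?:;|$)", re.I)
ZERO_DIM = re.compile(r"0+(?:px|%)?", re.I)

class HiddenIframeFinder(HTMLParser):
    """Collect iframes that render invisibly and load from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        zero = any(ZERO_DIM.fullmatch(a.get(d, "")) for d in ("width", "height"))
        hidden = zero or bool(HIDING_STYLE.search(a.get("style", "")))
        # Relative URLs have no hostname and stay on the site itself.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if hidden and host and host != self.site_host:
            self.findings.append((self.getpos()[0], a["src"]))

def find_hidden_iframes(html, site_host):
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE_PAGE = """<html><body>
<h1>Dictionary</h1>
<iframe src="http://malicious.example.invalid/x.htm" width="0" height="0"></iframe>
<iframe src="http://www.site.example/ads/banner.htm" width="468" height="60"></iframe>
<iframe src="//cdn.example.invalid/w.htm" style="border:0; visibility:hidden"></iframe>
<iframe src="/local/frame.htm" width=0 height=0></iframe>
<iframe src="http://video.example.invalid/embed" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src in find_hidden_iframes(SAMPLE_PAGE, "www.site.example"):
        print(f"line {line}: hidden off-site iframe -> {src}")
```

This only inspects static markup and inline styles; an iframe written by script or hidden through an external stylesheet needs a rendered-DOM check instead.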