Tuesday, 20 May 2008
Looking at the HTML for the site, you can see the .js file, added inside the TITLE HTML code:
If you are using ClarkConnect (or other ClamAV-based web filtering), the latest update to the SaneSecurity signatures should help block the current sites:
Wednesday, 7 May 2008
Hopefully people have seen this, but it's worth posting:
Hundreds of thousands of examples of a new Trojan that poses as a media file have flooded onto P2P networks.
Since Friday 2 May more than half a million instances of the Trojan have been detected on consumer PCs, according to net security firm McAfee. The anti-virus firm reports the spread of the Downloader-UA.h Trojan as the most significant malware outbreak in the last three years.
What's interesting about this is that I came across this "new" idea from a post by ISS (dated 29th April), which you can see here
While the above post talked about .ASF files, all the bad guys have done is rename the .asf files to .mp3... Windows Media Player just reads metadata in the header and runs the script :(
SaneSecurity ClamAV Generic detection was added on 30th April 2008 for this new idea and so I was interested to find that these "new" mp3s McAfee are talking about are found using the same generic signature :)
Note: You must be using ClamAV v0.93 to be able to detect this.
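For triage outside ClamAV, the renamed-file trick described above can be checked by content rather than extension. The following is an added example, not the SaneSecurity signature or code from this blog: it recognises the ASF Header Object by its GUID, walks the objects inside it, and reports ASF content under a non-ASF extension. Flagging the Script Command Object (GUID from the ASF specification) is an assumption about what is worth surfacing; the function names and sample bytes are constructed for illustration.

```python
import struct
import uuid

# GUIDs from the ASF specification; on disk they use the little-endian GUID layout.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le


def asf_header_objects(data):
    """Return GUIDs of the objects inside the ASF Header Object, or None if not ASF."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return None
    size, count = struct.unpack_from("<QI", data, 16)
    end = min(size, len(data))
    pos, found = 30, []  # 16 GUID + 8 size + 4 object count + 2 reserved
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated or lying header: stop instead of over-reading
        (obj_size,) = struct.unpack_from("<Q", data, pos + 16)
        if obj_size < 24:
            break  # a size smaller than the object header would never advance
        found.append(data[pos:pos + 16])
        pos += obj_size
    return found


def triage(filename, data):
    """Return comma-separated findings for one file, or 'ok'."""
    objs = asf_header_objects(data)
    if objs is None:
        return "ok"
    findings = []
    ext = filename.lower().rsplit(".", 1)[-1]
    if ext not in ("asf", "wma", "wmv"):
        findings.append("asf-content-with-." + ext + "-extension")
    if ASF_SCRIPT_COMMAND in objs:
        findings.append("script-command-object")
    return ",".join(findings) or "ok"


def _obj(guid, body=b""):
    return guid + struct.pack("<Q", 24 + len(body)) + body


# Constructed samples: a minimal ASF header holding one script command object
# with a dummy body, and a plain ID3-tagged MP3 prefix.
_child = _obj(ASF_SCRIPT_COMMAND, b"\x00" * 20)
SAMPLE_ASF = ASF_HEADER + struct.pack("<QI", 30 + len(_child), 1) + b"\x01\x02" + _child
SAMPLE_MP3 = b"ID3\x03\x00\x00" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in (("song.mp3", SAMPLE_ASF), ("song.mp3", SAMPLE_MP3)):
        print(name, "->", triage(name, blob))
```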