Welcome Guest [Log In] [Register]

Kia Ora
You are currently viewing our forum as a guest. This means you are limited to certain areas of the board and that there are some features you can't use or read.

We are an active community of worldwide senior members participating in chat, politics, travel, health, blogging, graphics, computer issues & help, book club, literature & poetry, finance discussions, recipe exchange and much more. Also, as a member you will be able to access member only sections, many features, send personal messages, make new friends, etc.

Registration is simple, fast and completely free. Why not register today and become a part of the group. Registration button at the very top left of the page.

Thank you for stopping by.

Join our community!

In case of difficulty, email worldwideseniors.org@gmail.com.
If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit
Topic Started: Feb 11 2012, 07:30 PM (59 Views)
Deleted User
Deleted User

Quote:
 
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit

Blackhole Injecting malicious code into the HTML used on legitimate Web sites is a key part of the infection lifecycle for many attack crews, and they often disguise and obfuscate their code to make it more difficult to analyze or so it appears to be legitimate code. The latest instance of this technique has seen attackers employing code that is meant to look like Google Analytics snippets, but instead sends victims off to a remote site that's hosting the Black Hole Exploit Kit. Not the desired result.

Researchers at Websense discovered the ongoing attack recently, and found that the code being used to hide the fake Google Analytics tags is heavily obfuscated, making analysis quite difficult. The malicious code, which is being injected into benign pages on legitimate sites, is designed to look just like actual Google Analytics code and to appear as thought it's referring to common domains. But there are some tell-tale signs that this isn't the case.

The end result of the infection routine is that the victim is passed off to a site that is hosting the Black Hole Exploit Kit, a notoriously nasty piece of software that will try a grab-bag of exploits against the victim's browser until one works. Once that's done, another piece of malware typically is installed on the user's machine, perhaps a keylogger or banker Trojan designed to relieve the victim of her money.


Full story here: https://threatpost.com/en_us/blogs/attackers-using-fake-google-analytics-code-redirect-users-black-hole-exploit-kit-020812

Be sure to read the comments re the above by “Anonymous”.

Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · ALERTS, UPDATES, WARNINGS, NEWS · Next Topic »
Add Reply