Author Topic: I-frames serving Exploits/  (Read 3062 times)

August 10, 2010, 08:44:06 pm


Unfortunately I do not have a sandbox or netflow at my disposal, but I came across this outbound request on our network. The IP correlates to an older Zeus v2 server, though after running it through numerous online analyzers, I found it to host some nasty iframes pointing to some known malicious Java and .pdf exploits.
Exploits being served
Hidden I-frames in the above point to
Which had the following show up in URLvoid,

If I come across any new ones I'll throw them in this thread. Any further investigation to determine whether it is hosting a C&C or just the exploits I came across would be helpful. Thanks.