Infection in Chinese Security Website
Malicious code has been reported on the Website of an Internet security company in China.
The attack takes advantage of buffer overflow flaws in BaoFeng Storm, a browser-based media player developed in China. According to a warning from Symantec's anti-virus center, BaoFeng's ActiveX control is vulnerable to a number of buffer overflows because it performs inadequate checks on user-supplied data.
CISRT reported that its own server fell prey to such an attack. Although the attack method is quite old, it has not been used extensively. Attackers break into a server, or into a virtual domain server operated by a Web-hosting service, and apply ARP spoofing to divert the connection between the gateway and the other servers through the hacked server.
After this, a proxy on the hacked server embeds an additional IFrame into responses flowing from those Web servers. The new IFrame then pulls malicious code from a different, malware-infected server and compromises the visiting PC by exploiting browser flaws. McAfee warned that MPack, an attack toolkit used by cyber criminals, supports and encourages ARP spoofing.
Patrik Runald from the Finnish security company F-Secure said that while this type of hack on the Website of a security response team is unusual, if the attack is an ARP attack, it is indeed very complicated. ZDNet Asia.com published this news on October 5, 2007.
The company said in its blog that the method is interesting because it extends the useful life of a hack by making it more difficult to isolate and investigate. If such attacks on visitors become frequent, investigators will need to scrutinize the intermediate links between the Website and its visitors, according to PC World on October 3, 2007.
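As an added illustration (not part of the original report or of any vendor's tooling), the Python below shows two checks an investigator could run against the in-transit injection described above: comparing the IFrames in a page as stored on the Web server with those in the copy a visitor received, and looking for one MAC address answering for several IPs in a server's ARP table. All function names, addresses and sample data are constructed for the example.

```python
from collections import defaultdict
from html.parser import HTMLParser


class _IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def iframe_sources(html):
    collector = _IframeCollector()
    collector.feed(html)
    return collector.sources


def injected_iframes(origin_html, received_html):
    """IFrames present in the copy a visitor received but absent from the
    copy read directly off the Web server, i.e. added somewhere in transit."""
    known = set(iframe_sources(origin_html))
    return [src for src in iframe_sources(received_html) if src not in known]


def shared_macs(neighbors):
    """Given (ip, mac) pairs from a host's ARP table, return MACs claimed by
    more than one IP: the usual sign that one machine answers for the gateway."""
    by_mac = defaultdict(set)
    for ip, mac in neighbors:
        by_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed sample data (documentation addresses, not from the incident).
ORIGIN = '<html><body><h1>News</h1><iframe src="/ads/banner.html"></iframe></body></html>'
RECEIVED = ('<html><body><iframe src="http://malware.example/x.htm" width=0 height=0>'
            '</iframe><h1>News</h1><iframe src="/ads/banner.html"></iframe></body></html>')
ARP_TABLE = [("192.0.2.1", "00:11:22:33:44:55"),   # gateway, as seen by a poisoned host
             ("192.0.2.20", "00:11:22:33:44:55"),  # compromised server, same MAC
             ("192.0.2.30", "66:77:88:99:AA:BB")]

if __name__ == "__main__":
    print("injected:", injected_iframes(ORIGIN, RECEIVED))
    print("shared MACs:", shared_macs(ARP_TABLE))
```

A shared MAC is a lead rather than proof, since multi-homed hosts and proxy ARP produce the same pattern; the IFrame difference is what ties it to the tampering visitors actually see.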
With these hacking cases and incidents in China, security professionals again warned of the presence of a highly skilled computer hacking community on the Chinese mainland.
» SPAMfighter News - 18-10-2007