[OWASP-Bangalore] iframes injected into premiere educational institutes site
praveen_recker at sify.com
Tue Oct 6 14:21:14 EDT 2009
I am writing this such that it can be informed to concerned authorities.
I tried to find mail id of the respective institue to inform them but
could'nt find any.
Details are as follows....
Visit to anypage on* http://www.nagarjunauniversity.ac.in*
and right click to "View Source", we'll find the following site embedded in
When we open above site it gets redirected to *
http://superpupermegacasino.com/* which hosts *SmartDownload.exe*
Details of the EXE at virustotal is shown as *Win32/CasOnline!Adware*
the page has eval() and base64_decode() methods. When we decode the base64
content site *esli.tw* is embedded.
There is one more site embedded *http://b.nt002.cn/E/J.JS*
When we visit few pages on this site and if any AV is installed on ur
machine (McAfee AntiVirus is installed in my case and triggers PDF-Exploit
alert) it should trigger some alert.
Interested folks can further analyze. Please inform concerned guys from
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Bangalore