Along the same lines of the Northwestern Bank compromise last week, the Branson Lakes Area Chamber of Commerce is also compromised, serving exploits.
(Do not visit the exploit sites below unless you know what you’re doing.)
GET-hxxp://www.bransonchamber. com
GET-hxxp://mumukafes.net/trf/index. php
GET-hxxp://333.gosdfsdjas.com/index. php
GET-hxxp://333.gosdfsdjas.com/l. php?i=1
|
|
V
Zbot config and drop:
GET-hxxp://agreement52.com/cnf/shopinf. jpg
POST-htxx://agreement52.com/shopinf/gate. php
Also, checks into server “67.231.246.218” on port 553
Serves a Zbot trojan.
Alex Eckelberry
(Thanks Adam and Francesco)
Update 4/15/2010: The situation is now resolved. The site is no longer serving exploits.