Nothing too exciting here, just another example of poor webserver security practices. Glamour-shop(dot)com promises “high quality gifts”.

Instead, it hits you with a WMF exploit which then does all sorts of nasties.

http://glamour-shop(dot)com/backdoor/ – gives you the WMF exploit.

http://glamour-shop(dot)com/down.txt – It apparently pulls the downloaders from here. 

And the cache of treasure (don’t run these — bad stuff):

http://glamour-shop(dot)com/stats/bin/bin.exe
http://glamour-shop(dot)com/stats/bin/bin2.exe
http://glamour-shop(dot)com/stats/bin/bin3.exe
http://glamour-shop(dot)com/stats/bin/bin4.exe
http://glamour-shop(dot)com/stats/bin/bin5.exe

Discovered through a pop-up: Our researcher discovered this site from a porn site ad that popped up during research. He followed the link and got hit at the main URL with the WMF exploit.

This site was advertised through a Thanks to Jarrett Levine in Sunbelt Spyware Research.

Alex Eckelberry