Infected BBC News Stories that install spyware



This BBC News replica website (screenshot above) is dangerous enough to automatically download and install keylogging software on your computer.

E-mail messages contain excerpts from actual BBC news stories offer a link to "Read More". Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail.

This BBC replica website exploits the unpatched IE createTextRange vulnerability and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker.

WebSense have identified more than 200 unique URL's that are using the vulnerability to run exploit code.

Source: WebSense | EWeek

10:07 PM | |

This entry was posted on 10:07 PM You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

 

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)