CNN & MSNBC Attack - Where is it all coming from?

No file updates in this post but I'm hoping to generate some discussion here...

My e-mail inbox has been flooded since breaking the CNN malspam story. Everyone wants to know where this attack is coming from and how it’s releasing itself into the wild so quickly. I’m sorry to say that I do not have the answer yet… but I do have a hypothesis.

I believe the attack is exploited 100% through hacked/infected computers. We know that the e-mails are being distributed by infected computers, as we can tell from the e-mail headers: most of the e-mails come from private ADSL or cable lines. One question remains… how are the websites getting owned? Take a second to consider the following possibility…

if you follow the link it

If you follow the link, it asks you to download a file. The file is a trojan called Exchanger. Don't know who is behind all this, but it has to be someone big. Anyway, I found something interesting on this here: http://blog.fireeye.com/research/2008/08/srizbi-and-rust.html