Saturday, October 20, 2007

Myphonegames.co.uk hacked?!

It seems that some pages of the mobile-phone games website www.myphonegames.co.uk have been hacked to execute malicious-looking JavaScript. As seen in the screenshot below, the script http://xvgaoke.cn/1.js is executed when certain links at Myphonegames are clicked:


This script uses an iframe to load an HTML page, http://xvgaoke.cn/1.htm:

This HTML page drops a file named Ntdetect.exe to the root drive:

However, Ntdetect.exe is not actually an executable; it is an HTML file:

This is surely a drive-by-download attempt to drop malware. Even though the files dropped as of now are non-malicious, this can change at any time, and malicious files can be dropped without the user's knowledge! Finally, here's what Google says about http://xvgaoke.cn:
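For a site owner, the compromise described in this post shows up in the served HTML as a script or frame loaded from a host the site does not control. The following is an added example, not part of the original post: a Python check that lists such off-site loads. The sample page, its `/js/...` paths and the function names are constructed for illustration; only the two hostnames and the `1.js` and `1.htm` URLs come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that pull in active content, and the attribute holding the URL.
WATCHED = {"script": "src", "iframe": "src", "frame": "src",
           "embed": "src", "object": "data"}


class OffsiteLoadFinder(HTMLParser):
    """Record watched tags whose URL points at a host outside the allowlist."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__(convert_charrefs=True)
        self.allowed = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = WATCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs have no hostname and load from the site itself.
        host = (urlparse(url.strip()).hostname or "").lower()
        if host and host not in self.allowed:
            line, _ = self.getpos()
            self.findings.append((line, tag, host, url))


def find_offsite_loads(html, site_host, allowed_hosts=()):
    """Return (line, tag, host, url) for each off-site script/frame load."""
    finder = OffsiteLoadFinder(site_host, allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a page with one injected off-site script tag.
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script src="http://www.myphonegames.co.uk/js/games.js"></script>
</head><body>
<a href="/games/list.html">Games</a>
<script src="http://xvgaoke.cn/1.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host, url in find_offsite_loads(
            SAMPLE_PAGE, "www.myphonegames.co.uk"):
        print(f"line {line}: <{tag}> loads from {host}: {url}")
```

A static scan like this only sees tags present in the served markup; an iframe written into the page at run time by an already-loaded script is caught one step earlier, at the script tag that loads it.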
