Quote: Between the holidays I found a very simple but digitally signed malcode. It basically does one single thing: It overwrites the hosts file. The modification is as follows:
Quote: 175.41.21.11 www.chsi.com.cn
The hosts file modification has the effect of overriding any DNS queries for chsi.com.cn so that it points to a different IP than the official one. The site chsi.com.cn seems to be a student information portal, “China Higher Education Student Information Network”.
By redirecting the address to a different IP, attackers are able to present users with altered web content or perform man-in-the-middle attacks. The purpose of this against a student site is up for speculation.
The digital signature attached to the file is quite recent, Dec. 28th, 2011. The certificate belongs to 北京火鸟网络科技有限责任公司 (Google translated to “Beijing Firebird Network Technology Co., Ltd.”). We’ve been in contact with Thawte and have gotten confirmation that this certificate is being revoked.
Hit the books, no bad western p0rn for you.
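An added example, not part of the quoted report or of this post: a hosts-file audit that flags the kind of override described above, where a public hostname is pinned to a routable IP address. The sample file content is constructed (only the `175.41.21.11 www.chsi.com.cn` line comes from the report), and the "routable address" rule and the `allowlist` parameter are assumptions of this sketch.

```python
import ipaddress

# Constructed sample: a default-looking hosts file plus the entry quoted in the report.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid   # local sinkhole entry
175.41.21.11 www.chsi.com.cn
10.0.0.5        intranet.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, not a mapping
        yield line_no, ip, [h.lower() for h in fields[1:]]

def suspicious_entries(text, allowlist=frozenset()):
    """Return (line_no, ip, hostname) for names pinned to a routable address.

    Heuristic (assumption): loopback, unspecified and private addresses are
    treated as ordinary local overrides; anything globally routable is
    reported unless the (hostname, ip) pair is in the allowlist.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not ip.is_global:
            continue
        for name in names:
            if (name, str(ip)) not in allowlist:
                findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is forced to {ip}, bypassing DNS")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its text to `suspicious_entries` and compare any finding against what DNS returns for that name.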