Snooping on Chinese students?

Snooping on Chinese students?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Citat:Between the holidays I found a very simple but digitally signed malcode. It basically does one single thing: It overwrites the hosts file. The modification is as follows:

Citat:175.41.21.11 www.chsi.com.cn

The hosts file modification has the effect of overriding any DNS queries for chsi.com.cn so that it points to a different IP than the official one. The site chsi.com.cn seems to be a student information portal, “China Higher Education Student Information Network”.

By redirecting the address to a different IP, attackers are able to present users with altered web content or perform man-in-the-middle attacks. The purpose of this against a student site is up for speculation.

The digital signature attached to the file is quite recent, Dec. 28th, 2011. The certificate belongs to 北京火鸟网络科技有限责任公司 (Google translated to “Beijing Firebird Network Technology Co., Ltd.”). We’ve been in contact with Thawte and have gotten confirmation that this certificate is being revoked.


Source: http://blogs.norman.com/2012/malware-detection-tea.....e-students




Knjigu u šake, no bad western p0rn for you. Razz



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Ko je trenutno na forumu
 

Ukupno su 574 korisnika na forumu :: 42 registrovanih, 6 sakrivenih i 526 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 8u47, _Sale, A.R.Chafee.Jr., amonsrb, aramis s, babaroga, Bahuss, banebeograd, bankulen, bojank2, dekao, Dragimir, dragon986, Duško2, havoc995, ikan, Ilija Cvorovic, ivan979, ivica976, Kinkou, Lucije Kvint, Milan A. Nikolic, miljannis, miodrag2, misa1xx, mladen.zovko, Nebo_M, nedeljkovici, ofbeyond, pein, Recce, rovac, S-lash, suponik, VJ, vobo, VP6919, Vzor50, wizzardone, zlatko192000, zodiac94, Zvrk2