Exposing a Malware Serving Client-Side Exploits Serving Campaign at CNET’s Download.com Abusing Input Validation Flaws – An Analysis

NOTE:

I took these screenshots in 2008.

Did you know that back in 2008 CNET’s Download.com used to suffer from a major input validation flaw which the infamous back then RBN (Russian Business Network) used to exploit in terms of having automatically and rogue and bogus users registering on the Web site and posting iFrame injected comments which were in fact redirecting the Web site’s users to a malware-serving client-side exploits serving campaigns and domains courtesy of the RBN? Check out the analysis.

Sample screenshots include:

Stay tuned!

Leave a Reply

Your email address will not be published. Required fields are marked *

Unit-123.org E-shop Owner Information

Who is Dancho Danchev?

Unit-123.org

Focused on delivering daily batches of personally-produced never-ending supply of high-quality and never-published and released before classified and sensitive Intelligence Deliverables.

Latest Products