It seems that some pages of a mobile-phone games website www.myphonegames.co.uk have been hacked to execute malicious looking Javascript. As seen from below screenshot, the script http://xvgaoke.cn/1.js is executed when certain links at Myphonegames are clicked:
This script makes use of iframe and loads an HTML page - http://xvgaoke.cn/1.htm:
This HTML page drops a file named Ntdetect.exe to the root drive:
However, Ntdetect.exe is not actually an executable but it's an HTML file:
This surely is a drive-by-download attempt to drop malware. Even though files that are dropped as of now are non-malicious, this can change at anytime and malicious files can be dropped without knowledge of the user! Finally, here's what Google says about http://xvgaoke.cn:
Myphonegames.co.uk hacked?!
By secgeeks - Posted on October 20th, 2007
Tagged:
51
vote
Bookmark/Search this post with:
http://www.secgeeks.com/trackback/1142
