Saturday, October 20, 2007 hacked?!

It seems that some pages of a mobile-phone games website have been hacked to execute malicious looking Javascript. As seen from below screenshot, the script is executed when certain links at Myphonegames are clicked:

This script makes use of iframe and loads an HTML page -

This HTML page drops a file named Ntdetect.exe to the root drive:

However, Ntdetect.exe is not actually an executable but it's an HTML file:

This surely is a drive-by-download attempt to drop malware. Even though files that are dropped as of now are non-malicious, this can change at anytime and malicious files can be dropped without knowledge of the user! Finally, here's what Google says about


Post a Comment

<< Home