Torrentreactor Website Compromised

Posted on Wednesday, July 01, 2009 @ 15:23:37 PDT in Security: Websense
by Raven

 

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has detected that Torrentreactor, one of the oldest and most reliable torrent search engines on the Web, has been compromised and injected with malicious code. The injected code is an IFrame that leads to a site laden with exploits. The exploits on the payload site target Internet Explorer (MDAC) and Microsoft Office Snapshot Viewer, as well as Adobe Acrobat Reader and Adobe Shockwave.

If the user's browser is successfully exploited, a malicious file is downloaded from the exploit site and run. The malicious file has an extremely low AV detection rate. The file (MD5: 24bd24f8673e3985fc82edb00b24ba73) is a Trojan downloader that connects to a bot C&C server at IP 78.109.29.116. After connecting, it downloads a rootkit installer from the same IP.

 
 
 