SANS reported that when searching for “money” in Google, one of the search results (http : //www . <BLOCKED> . com) would be a site that compromises the user’s PC.
I tried searching for “money” in Google but did not find the said site; maybe Google has already taken it down.
So I tried the link mentioned and it is up and running.
The site fronts itself as GOLD COMPANY GROUP – a management fund aimed at the middle-sized investors worldwide.
But in truth, hidden among the code of this site is an IFRAME directing to http:// www.<BLOCKED>.com /image /index.htm which contains another iframe directing to two sites.
- http: //www.<BLOCKED>.com /image /b.htm – This is already detected by Trend as JS_ONLOADXPLT.A
- http: //www.<BLOCKED>.com /image /f.htm – This also contains exploit code that is used by JS_ONLOADXPLT.A
This results in the user’s system being compromised.
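The nested IFRAME chain described above can be reconstructed offline from saved page source when triaging a suspect site. The following Python sketch is an added example, not code from the original post; the hosts under .example, the page contents and the hidden-frame heuristics (0 or 1 pixel size, display:none) are constructed assumptions, since the post does not say how the IFRAME was hidden.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages (hypothetical .example hosts), mirroring the chain
# described above: landing page -> index.htm -> b.htm and f.htm.
PAGES = {
    "http://fund.example/": '<html><body><h1>Fund</h1>'
        '<iframe src="http://host.example/image/index.htm" width="0" height="0"></iframe>'
        '</body></html>',
    "http://host.example/image/index.htm":
        '<iframe src="b.htm" style="display:none"></iframe>'
        '<iframe src="f.htm" width=1 height=1></iframe>',
    "http://host.example/image/b.htm": "<script>/* constructed placeholder */</script>",
    "http://host.example/image/f.htm": "<script>/* constructed placeholder */</script>",
}

class IframeFinder(HTMLParser):
    """Collects (src, hidden) for every iframe tag in one document."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        # Assumed heuristics for "hidden": 0/1 pixel frames or CSS hiding.
        tiny = a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1")
        hidden = tiny or "display:none" in style or "visibility:hidden" in style
        if a.get("src"):
            self.frames.append((a["src"], hidden))

def walk_iframes(start, pages, max_depth=5):
    """Breadth-first walk; returns (depth, parent, child, hidden, cross_host) tuples."""
    findings, seen, queue = [], {start}, [(start, 0)]
    while queue:
        url, depth = queue.pop(0)
        if depth >= max_depth or url not in pages:
            continue
        finder = IframeFinder()
        finder.feed(pages[url])
        for src, hidden in finder.frames:
            child = urljoin(url, src)  # resolve relative src against the parent page
            cross = urlparse(child).hostname != urlparse(url).hostname
            findings.append((depth + 1, url, child, hidden, cross))
            if child not in seen:  # avoid loops between frames
                seen.add(child)
                queue.append((child, depth + 1))
    return findings

CHAIN = walk_iframes("http://fund.example/", PAGES)
```

A hidden, cross-host frame at depth 1 followed by further hidden frames at depth 2 is the pattern to escalate for analysis.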
Just a fair warning to Internet surfers out there: not everything that is seen on the net is good. Always double-check the links that you go to.
Also to be more secure, set your browser’s security settings to HIGH and always patch your systems with the latest updates.