Tuesday, May 4, 2010

China’s NCGA government site infected with hidden malicious iframe

Today, we discovered that the web site of the NingBo SME Credit Guarantee Association (NCGA), a Chinese government site, is infected with a malicious hidden IFRAME. One of the infected pages is the one where member registration is required. Here is the infected webpage:

The iframe is injected at the bottom of the webpage (hxxp://nbdb.nbsme.gov.cn/reg.asp), and the following is a screenshot of the infected iframe:

The malicious iframe, when decoded, points to additional JavaScript. Here is the decoded script:

Currently, the above-mentioned malicious site is down.
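
As an added illustration (not code from the original post), here is a small Python scanner a site owner could run over their own pages to flag iframes like the one described above: ones hidden by size or style, including markup that a script writes out after decoding. The post does not show the encoding used, so the `unescape()` percent-escaping handled here is an assumption, and the sample page and `malicious.example` hosts are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Assumed obfuscation: markup percent-escaped and passed to unescape().
ESCAPED = re.compile(r"unescape\(\s*['\"]([^'\"]+)['\"]\s*\)", re.I)

def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel, i.e. invisible."""
    m = re.match(r"\s*(\d+)\s*(px)?\s*$", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class _Finder(HTMLParser):
    def __init__(self, via):
        super().__init__()
        self.via, self.findings = via, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "iframe":
            return
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden-style")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src") or "", reasons, self.via))

    def handle_data(self, data):  # script bodies arrive here as raw text
        line = self.getpos()[0]
        for blob in ESCAPED.findall(data):
            for _, src, reasons, _ in scan(unquote(blob), "unescape()"):
                self.findings.append((line, src, reasons, "unescape()"))

def scan(html, via="markup"):
    """Return (line, src, reasons, via) for each hidden iframe found in html."""
    finder = _Finder(via)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts are placeholders, not values from the post.
SAMPLE = """<html><body>
<iframe src="/help.html" width="600" height="400"></iframe>
<iframe src="http://malicious.example/x" width="0" height="0" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//malicious.example/y%22%20style%3D%22display%3Anone%22%3E%3C/iframe%3E'));</script>
</body></html>"""
```

Calling `scan(SAMPLE)` reports the zero-size iframe on line 3 and the iframe hidden inside the escaped script on line 4, and leaves the visible help iframe alone.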

Be Safe.

Umesh

