On September 30, Kaspersky Lab analysts received a report of strange web browser behavior when opening the page top.rbc.ru: Internet Explorer crashed even with all released patches installed; Firefox kept working, but “ate” about 400 MB of RAM.
While analyzing the page, Kaspersky Lab analysts found in its code a link leading to a site registered in the pp.se domain. The link pointed to a script containing an exploit for the vulnerability described in Microsoft Security Advisory (926043).
The exploit downloads a new version of the Trojan-PSW.Win32.LdPinch - ayj to the attacked computer, which then sends all of its password reports to the attackers via a “gate” located on the same site.