SophosLabs are in the process of contacting one of the people hit by this latest burst of Troj/Iffy-B infections.
The reason that this one caught my eye was that on the same site was a copy of Exp/QTP-A.
First, let us look at the Troj/Iffy-B infections!
As for previous flowcharts describing web attacks that we’ve included in this blog :
- green arrow: iframe
- red arrow: exploit
- solid line: between different domains
- dotted line: between files on the same domain
Ultimately, Troj/Iffy-B will attempt to download a Trojan, proactively detected as Mal/Behav-066, via Iframes and exploits.
This brings me back to the occurrence of Exp/QTP-A on the initial hacked website. For many years now, the importance of ensuring that desktops are kept up to date with the latest patches has been highlighted, but these regular infections of webservers shows that it is just as important to ensure all machines, including webservers are monitored and maintained at the same level