{"id":382707,"date":"2010-03-03T01:42:59","date_gmt":"2010-03-03T06:42:59","guid":{"rendered":"http:\/\/www.szone.us\/f85\/malicious-web-site-malicious-code-bbs-sougou-compromised-40260\/"},"modified":"2010-03-03T01:42:59","modified_gmt":"2010-03-03T06:42:59","slug":"malicious-web-site-malicious-code-bbs-of-sougou-compromised","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/382707","title":{"rendered":"Malicious Web Site \/ Malicious Code: BBS of Sougou Compromised"},"content":{"rendered":"<div>03.01.10 04:00 PM<\/p>\n<p>Websense\u00ae Security Labs? ThreatSeeker? Network has discovered that the BBS of Sougou has been compromised.<\/p>\n<p> The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day old domain at [snip]ow.info. The latter performs some checks before delivering the exploits, in order to subvert any analysis attempts. <\/p>\n<p> At the time of writing this alert, the BBS of Sougou is still injected with the malicious script, but the exploit site is down. This could change at any moment. <\/p>\n<p> This is the injected code in the home page and its contents: <\/p>\n<p><img decoding=\"async\" src=\"http:\/\/securitylabs.websense.com\/content\/Assets\/AlertMedia\/BBS_of_Sougou_Compromised_1.png\" border=\"0\" alt=\"\" \/> <\/p>\n<p> <img decoding=\"async\" src=\"http:\/\/securitylabs.websense.com\/content\/Assets\/AlertMedia\/BBS_of_Sougou_Compromised_2.png\" border=\"0\" alt=\"\" \/> <\/p>\n<p>Here is the exploit page: <\/p>\n<p><img decoding=\"async\" src=\"http:\/\/securitylabs.websense.com\/content\/Assets\/AlertMedia\/BBS_of_Sougou_Compromised_3.png\" border=\"0\" alt=\"\" \/> <\/p>\n<p>Websense Messaging and Websense Web Security customers are protected against this attack. <\/p>\n<p><a href=\"http:\/\/securitylabs.websense.com\/content\/Alerts\/3574.aspx\" >http:\/\/securitylabs.websense.com\/con&#8230;erts\/3574.aspx<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>03.01.10 04:00 PM Websense\u00ae Security Labs? ThreatSeeker? Network has discovered that the BBS of Sougou has been compromised. The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day old domain at [snip]ow.info. The [&hellip;]<\/p>\n","protected":false},"author":4744,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-382707","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/382707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/4744"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=382707"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/382707\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=382707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=382707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=382707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}