[unisog] Arp Spoofing
Reg Quinton
reggers at ist.uwaterloo.ca
Thu May 8 13:51:17 GMT 2008
The SANS article on SQL injection (see
http://isc.sans.org/diary.html?storyid=4393) refers to a shadownet article
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080507
That describes the results of the injection (ultimately the client who
approaches an infected site downloads an exe and a config). They comment:
"This is a malware family we have been seeing for some time now. This
malware has several different capabilities through the above configuration
file to include ARP spoofing to inject malicious code into webpages of users
on the LAN"
Which sounds an awful lot like what Russell reported.
I am, Reg Quinton <reggers at ist.uwaterloo.ca>
Senior Technologist, Security
Information Systems and Technology
University of Waterloo, 200 University Ave W
Waterloo, Ontario N2L 3G1 Canada
+1 519 888-4567x36070
More information about the unisog
mailing list