[unisog] Arp Spoofing

Reg Quinton reggers at ist.uwaterloo.ca
Thu May 8 13:51:17 GMT 2008


The SANS article on SQL injection (see
http://isc.sans.org/diary.html?storyid=4393) refers to a shadownet article

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080507

That describes the results of the injection (ultimately the client who
approaches an infected site downloads an exe and a config). They comment:

"This is a malware family we have been seeing for some time now. This
malware has several different capabilities through the above configuration
file to include ARP spoofing to inject malicious code into webpages of users
on the LAN"

Which sounds an awful lot like what Russell reported.

I am, Reg Quinton <reggers at ist.uwaterloo.ca>
      Senior Technologist, Security
      Information Systems and Technology
      University of Waterloo, 200 University Ave W
      Waterloo, Ontario N2L 3G1 Canada
      +1 519 888-4567x36070








More information about the unisog mailing list