19 March 2009
Over the past few months, SophosLabs have been seeing a relatively new kit used by attackers in drive-by downloads to infect victims with malware. The kit is known as LuckySploit, and in this blog I will take a brief look at it and what it is currently being used for.
Over the past few months, numerous legitimate sites have been compromised with iframes whose purpose is to load malicious content from various domains, mainly .cn, controlled by criminals (also discussed by Danchev). Such compromised pages are being detected as Mal/Iframe-F.