Websense® Security Labs™ ThreatSeeker™ Network has discovered that the BBS of Sougou has been compromised.
The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day old domain at [snip]ow.info. The latter performs some checks before delivering the exploits, in order to subvert any analysis attempts.
At the time of writing this alert, the BBS of Sougou is still injected with the malicious script, but the exploit site is down. This could change at any moment.
This is the injected code in the home page and its contents:
Here is the exploit page:
Websense Messaging and Websense Web Security customers are protected against this attack.