BBS of Sougou Compromised

Forcepoint Security Labs

Websense® Security Labs™ ThreatSeeker™ Network has discovered that the BBS of Sougou has been compromised.

The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day old domain at [snip]ow.info. The latter performs some checks before delivering the exploits, in order to subvert any analysis attempts.

At the time of writing this alert, the BBS of Sougou is still injected with the malicious script, but the exploit site is down. This could change at any moment.

This is the injected code in the home page and its contents:

Here is the exploit page:

Websense Messaging and Websense Web Security customers are protected against this attack.

Forcepoint Security Labs

These posts are based on research done by Forcepoint's X-Labs.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

Learn more about Forcepoint

BBS of Sougou Compromised

Forcepoint Security Labs

About Forcepoint

Sign up for the latest from our research and development team

To the Point Cybersecurity

X-Labs

Get insight, analysis & news straight to your inbox

You are here

Forcepoint Security Labs

About Forcepoint

Sign up for the latest from our research and development team