March 2, 2010

BBS of Sougou Compromised

Forcepoint Security Labs

Websense® Security Labs™ ThreatSeeker™ Network has discovered that the BBS of Sougou has been compromised.

The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day-old domain at [snip]ow.info. The exploit site performs some checks before delivering the exploits, in order to frustrate analysis attempts.

At the time of writing this alert, the BBS of Sougou is still injected with the malicious script, but the exploit site is down. This could change at any moment.

This is the injected code in the home page and its contents:

Here is the exploit page:

Websense Messaging and Websense Web Security customers are protected against this attack.
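A defender-side check for the pattern described in this alert, a script-created IFrame that points at a recently registered off-site domain. This is an added example, not code from the original alert or from Websense; the host names, sample page, registration dates and the 30-day threshold are constructed assumptions, and in practice the registration dates would come from WHOIS or RDAP lookups.

```python
import re
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script text that builds an iframe at run time, and any absolute URL in it.
BUILDS_IFRAME = re.compile(r"createElement\(\s*['\"]iframe|<iframe", re.I)
ABS_URL = re.compile(r"https?://[^\s'\"<>)]+", re.I)

class FrameAudit(HTMLParser):
    """Collect off-site hosts loaded by static or script-built iframes."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.script, self.findings = site_host, None, []
    def _record(self, kind, url):
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            self.findings.append((kind, host))
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self._record("static-iframe", dict(attrs).get("src") or "")
        elif tag == "script":
            self.script = []          # start buffering inline script text
    def handle_data(self, data):
        if self.script is not None:
            self.script.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            body, self.script = "".join(self.script), None
            if BUILDS_IFRAME.search(body):
                for url in ABS_URL.findall(body):
                    self._record("script-built-iframe", url)

def audit(html, site_host, registered, today, max_age_days=30):
    """Return one finding per off-site frame target, flagging young domains."""
    parser = FrameAudit(site_host)
    parser.feed(html)
    out = []
    for kind, host in parser.findings:
        age = (today - registered[host]).days if host in registered else None
        young = age is not None and age <= max_age_days
        out.append({"kind": kind, "host": host, "age_days": age, "young": young})
    return out

# Constructed sample page and registration dates (not the code from the alert).
SAMPLE = """<html><body><iframe src="http://cdn.example.org/ad.html"></iframe>
<script>var f=document.createElement('iframe');f.width=0;f.height=0;
f.src='http://new-domain.example.net/in.php';document.body.appendChild(f);</script>
<iframe src="/local/frame.html"></iframe></body></html>"""
REGISTERED = {"cdn.example.org": date(2004, 6, 1), "new-domain.example.net": date(2010, 2, 25)}
TODAY = date(2010, 3, 2)
```

Calling `audit(SAMPLE, "bbs.example.com", REGISTERED, TODAY)` reports both off-site frame targets and marks only the script-built one as pointing at a young domain.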

These posts are based on research done by Forcepoint's X-Labs.