During our web crawls we sometimes come across bizarre findings or patterns we haven’t seen before. This was the case with a particular drive-by download attack planted on Chinese websites. While by no means advanced (it turned out to be fairly buggy), we witnessed a threat actor experimenting with several different exploits to drop malware. For years we have cataloged thousands of Chinese websites injected with the same malicious and rudimentary VBScript code. Even to this day, you can find a countless number of sites that have been (or still are) compromised with that pattern, and most of them happen to be hosted in China.
View full story
ORIGINAL SOURCE: Security Boulevard