Websense® Security Labs™ has discovered that the official site of Audi in Taiwan has been compromised.

The site www.audi.com.tw contains an iframe that leads to another page located on the domain www.misofthelp.com. This site is obfuscated, using the 7-bit US-ASCII bypass technique. Once this obfuscation technique is bypassed, the script is further obfuscated. The resulting decoded page reveals a Visual Basic Script that contains an ADOdb (database extraction library) exploit. The exploit within the page downloads and executes a file called update.exe (Trojan PWS).

You must be logged in to post a comment.