(10/15/2007)
NCFTA was alerted to the existence of a web-based kit known as n404, sometimes referred to as n404-X. Similar to MPACK and WebAttacker, this exploit allows hackers to create malicious and automated websites. The kit is named after HTTP error code 404, and contains nine different malicious URLs which are signified by the X in n404-X. “The X represents the numbers 1 through 9, meaning the HTML pages evolve and change every 5 to 10 minutes, thus producing more malicious pages. Currently there are 130 plus sites.” When the links containing the exploit are clicked, they resolve to an HTTP error page. In actuality, each URL points to a webpage containing obfuscated exploit code attempting to utilize a specific vulnerability. This allows hackers to control the type of malicious files downloaded and also to install more malicious files.
http://www.ncfta.net/alerts.asp?id=92
NCFTA was alerted to the existence of a web-based kit known as n404, sometimes referred to as n404-X. Similar to MPACK and WebAttacker, this exploit allows hackers to create malicious and automated websites. The kit is named after HTTP error code 404, and contains nine different malicious URLs which are signified by the X in n404-X. “The X represents the numbers 1 through 9, meaning the HTML pages evolve and change every 5 to 10 minutes, thus producing more malicious pages. Currently there are 130 plus sites.” When the links containing the exploit are clicked, they resolve to an HTTP error page. In actuality, each URL points to a webpage containing obfuscated exploit code attempting to utilize a specific vulnerability. This allows hackers to control the type of malicious files downloaded and also to install more malicious files.
http://www.ncfta.net/alerts.asp?id=92