So we all know ARP poisoning / spoofing is really easy to do and it’s not a new concept at all . . . but the miscreants appear to have finally figured out a way to make money using it.
Check out this blog post from my buddy Neil Carpenter – who joined the PSS Security team shortly after I left . . . http://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspx
Related to the ‘Italian Job’ that I failed to blog about last week? Probably not – those servers definitely appear to have been auto-pwn3d (i.e. the actual web pages on the server were modified and the IFRAME was injected there) . . . but still – one can only imagine that this type of malware will become more prevalant in the future . . .
Oh – and those ‘Italian Job’ web servers all seemed to have one thing in common . . . Apache . . .