Dark Reading
Protect The Business - Enable Access
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Geek.com Site Hacked Via Exploit Kit
Popular website is serving up malware, Zscaler researchers say By Tim Wilson"It has come to our attention that many different pages [on Geek.com] -- like the main homepage and about us page -- are infected with malicious iFrames pointing to different malicious sites," Zscaler said in a blog.
According to the blog, hackers injected a malicious HTML iFrame, or script tag, into the legitimate pages on the site.
Hackers inserted malicious code on the first article on the Geek.com home page, among others, the researchers say. "As this is first article is highlighted --and 'Call of Duty' is a very popular game -- one can assume that many people have fallen victim to this attack," the blog says. The article was published on May 13, and the malicious iFrame is injected at the bottom of the page, the researchers say.
"The malicious iFrame redirects victims to a malicious website hosting an exploit kit," Zscaler says. "Once you visit, heavily obfuscated JavaScript is returned which will target various known vulnerabilities." The resulting exploit looks much the same as those from other exploit kits, the blog says.
Neil Daswani, CTO of anti-malware vendor Dasient, confirmed the Zscaler research.
"The attack on Geek.com tells us that it is often the most tech-savvy websites that are at risk for getting infected," Daswani says. "We conducted a quick malware risk assessment on Geek.com's public-facing website, and found that over two-thirds of the pages had third-party JavaScript, external iFrames, and also an out-of-date version of a blogging package.
"While these third-party resources were all legitimate, any of these third-party resources or a Web application vulnerability could have been used as a backdoor to infect the site," Daswani says. "Website owners should conduct malware risk assessments."
Zscaler says such attacks are commonplace. "Unfortunately, we see hundreds of attacks such as this each and every day," the blog says. "Many legitimate websites are being compromised by taking advantages of poor coding practices in web applications. Attackers are constantly on the lookout for popular websites or top news sites as targets for their attacks. Users need to be aware that no site is a safe site."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
CA To Acquire Authentication Vendor Arcot Systems Inc. 08/30/2010
China, Taiwan Nab 450 Suspects In Biggest Fraud Raid Ever 08/30/2010
DNS DDOS Threats and Corresponding Mitigation Strategies 03/23/2010
Spoofing Server - to - Server Communication: How You Can Prevent It 03/11/2010
DIGITAL ASSETS
Understanding Web Application Security Challenges
08/24/2010
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSHow To Detect And Root Out Sophisticated Malware
Are You A Human Confirms Man Or Machine With Games
State Of Utah Fires Tech Director Over Breach
MORE KEYHOLE
- Analytics on Demand: A Services Approach for Increased Agility
- Big Data at High Speed: Complex Event Processing at 10x
- Protecting End Users Against Emerging Threats
- Enhance Business Performance with Process Oriented Data Stewardship
- The Business Value of Data Quality – Getting the Most out of Your Investments in Data Warehousing and Data Analytics
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
|
