[ISN] CBS website bitten by iFrame hack
InfoSec News
alerts at infosecnews.org
Tue Dec 2 01:26:50 CST 2008
http://www.techworld.com/security/news/index.cfm?newsID=107833
By John E. Dunn
Techworld
01 December 2008
TV network CBS has become the latest big name to have it website used to
host malware, a security company has reported.
It appears that Russian malware distributors were able to launch another
iFrame attack on a sub-domain of the cbs.com site so that it was serving
remote malware to any visitors. A user's vulnerability to the malware
attack launched by the site hack would depend on a number of factors,
including the type of security used on a PC, the operating system, and
possibly the browser version.
"This saga confirms our many previous warnings that obfuscated code
posing a serious threat to Internet users' PCs, said Finjan CTO, Yuval
Ben-Itzhak, who has devoted a fair amount of time in recent months to
finding these hacks.
"Our Threats Reports have continued to identify the increasing use of
code obfuscation as a means of bypassing traditional signature-based
solutions in order to propagate malware," Ben-Itzak continued, taking a
pop at the anti-virus products against which his company in part
competes.
[...]
More information about the ISN
mailing list