U.S. media sites compromised, lead to malware
Posted on 07.05.2013
At least five U.S. media sites and a number of other popular ones have been compromised and are redirecting visitors to malicious URLs, Zscaler warns.

The sites have been injected with obfuscated JavaScript that contains an iFrame that redirects users to one of several sites serving the ZeroAccess Trojan and fake AVs.

The compromised sites include those belonging to Washington-based WTOP Radio and Federal News Radio, The Christian Post, Real Clear Science, Real Clear Policy, a popular online scuba diving forum, a picture aggregator site, and others. Zscaler researchers theorize that they probably have a common backend platform.

"Attacks targeting end users generally involve some form of social engineering whereby the potential victim must be convinced to visit a site, download a file, etc. Attackers will therefore write a script designed to comb the web looking for popular sites exposing a common flaw and when identified, inject a single line of malicious code into the sites," they explained. "In that way, any user visiting the otherwise legitimate (but now infected) site, can become a victim."

This particular mass compromise is targeting only Internet Explorer users, probably because the attackers are using exploits only for that particular software. Users who surf to the sites using any other browser don't trigger the redirection chain.

According to Zscaler, the sites were still compromised yesterday.









Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //