Hackers hijack PBS.org
Monday, September 21, 2009
Malicious JavaScript was found on PBS.org after hackers replaced code in the Curious George section of the website.
The hack redirected users who clicked on an image of the curious little monkey to an error page. The error page contained an iframe linked to a third-party .info domain, which hosted a wide array of malware, including exploits targeting Acrobat Reader, AOL SuperBuddy, AOL Radio AmpX and Apple QuickTime.
The web security blog Purewire said that information found on several associated web domains indicates that a criminal was using this exploit and others to build a botnet that he or she is planning to lease. PBS said that the malicious code was removed from the website late Friday. The number of users whose computers were infected is not known.
It is unknown how the hackers gained access to PBS.org in order to plant the malware-spreading JavaScript, but the incident does serve to further highlight the recent trend of criminals using legitimate websites to spread malicious programs and data. Security experts say that caution is necessary during the current wave of malware-related incidents.
Related News:
UK cops arrest two in Zbot Trojan case - 11.19.2009
The British Metropolitan Police took two suspected cyber criminals into custody earlier this month in connection with an investigation into the Zbot banking Trojan.
Facebook shakes up privacy policy in response to criticism - 11.19.2009
After a week-long comment period in which 7,000 Facebook users voiced their opinions, the giant social media network announced that it would overhaul and simplify its privacy policy.
Domain registrar VeriSign will receive "major security update" by 2011 - 11.19.2009
A well-known security vulnerability in the way .com and .net websites process DNS values - the way alphanumeric website names are translated into numeric web addresses - will be fixed, but not until 2011, according to a report from tech news website ZDNet.
Malware attack targeting fans of Twilight series - 11.18.2009
As with many recent hot news trends, the upcoming release of the second movie based on Stephenie Meyer's Twilight books has attracted the attention not just of the vampire wannabes, but of actual cyber criminals as well.
Giant black-hat SEO campaign funnels victims to scareware sites - 11.18.2009
Security researchers say that cyber criminals have conducted a large-scale campaign to influence Google results, pushing malware-spreading sites higher on the list and dropping legitimate results to the bottom.
|
