CBS Web site bitten by iFrame hack

Russian malware distributors launch an iFrame attack on a subdomain of cbs.com so it served remote malware to visitors

Written by John E. Dunn
InfoWorld
December 01, 2008
Original Article

TV network CBS has become the latest big name to have it Web site used to host malware, a security company has reported.

It appears that Russian malware distributors were able to launch another iFrame attack on a subdomain of the cbs.com site so that it was serving remote malware to any visitors. A user's vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.

"This saga confirms our many previous warnings that obfuscated code posing a serious threat to Internet users' PCs," said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.

"Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," Ben-Itzak continued, taking a pop at the anti-virus products against which his company in part competes.

"It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he said.

Finjan has it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.

iFrame and SQL injection attacks on big-name Web sites have been one of the fashionable attacks of 2008, embarrassing a string of household names.

 

More Links:
image
Contact us for help and product info
image
View our F.A.Q.section
image
Site Map
image

 

 

Upgrade to the 3Gweb®
 Self-Defending
Web server

before
you get a hit  
by an attacker!

 


image
te authorities should have upgraded to more secure algorithms such as SHA-1 "years ago," said Bruce Schneier, a noted cryptography expert and chief security technology officer at BT PLC.

RapidSSL.com will stop issuing MD5-based digital certificates by the end of January and is looking for ways to encourage its customers to move to new certificates after that, said Tim Callan, VeriSign's vice president of product marketing. But first, Callan added, VeriSign wants to get a good look at the new research.

Molnar and his team have communicated their findings to VeriSign indirectly, via Microsoft, but they have yet to speak directly to VeriSign, out of fear that it might take legal action to quash their talk. In the past, companies sometimes have obtained court orders to prevent security researchers from talking at hacker conferences.

Callan said he wished that VeriSign had been given more information ahead of time. "I can't express how disappointed I am that bloggers and journalists are being briefed on this but we're not, considering that we're the people who have to actually respond," he said.

While Schneier said he was impressed by the math behind this latest research, he said that there are already far more important security problems on the Internet — weaknesses that expose large databases of sensitive information to attackers, for example.

"It doesn't matter if you get a fake MD5 certificate, because you never check your certs anyway," he said. "There are dozens of ways to fake that, and this is yet another."




More Links:
image
Contact us for help and product info
image
View our F.A.Q.section
image
Site Map
image

 

 

Upgrade to the 3Gweb®
 Self-Defending
Web server

before
you get a hit  
by an attacker!

 


image
/font>被黑客攻击和