CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 18th, 2009

Film Review Site Aintitcool.com Hacked, Infected Visitors With Malicious PDFs

Hackers on Thursday exploited a vulnerability on Ain’t It Cool News (http://aintitcool.com) that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file.

The attack targeted a vulnerable PHP script on one of AICN’s servers that automatically appended the malicious link to banner ads served on the site, its publisher, Roland De Noie, said. As a result, anyone visiting the site over a 90-minute period on Thursday morning was silently redirected to speedconnection.cn which served a malicious file named annonce.pdf.

The booby-trapped PDF, according an analysis by researchers at Praetorian Prefect, exploited two vulnerabilities in Adobe Reader that the company has already fixed. When the file is opened by unpatched versions of Reader, it launches malicious shell code that hijacks the machine. Only 12 of the 41 major anti-virus programs currently detect the trojan, according to VirusTotal analysis.

In September, Mozilla found that more than half of Firefox users used insecure versions of Adobe Flash. It wouldn’t be surprising to find a similarly large proportion of the population using out-of-date versions of Reader, too.

“The point of weakness was actually our own ad server,” De Noie said. The unknown attackers “had cracked through a PHP server flaw and appended this link to all the ads.”

AICN has yet to warn its users that they may have been attacked. De Noie said his staff was still collecting information. The attack came as a shock to some AICN readers, many who consider themselves enthusiasts of science-fiction, fantasy and horror films.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • UK Government Website Hacked And Infected
  • MPAA-Run Copyprotected.com Website Defaced By Anonymous, Redirects To Thepiratebay.org
  • Malaysian Kaspersky Antivirus Website Has Been Hacked In An SQL Injection Attack
  • Fully-patched Adobe Reader 8.1.3 and 9.0.0 Vulnerable To New In-the-wild Attacks
  • Texas National Guard Website Remains Unavailable After Malware Infection

    • Posted in Breaches And Incidents, Malware, Targeted Attacks, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Friday, December 18th, 2009 at 3:47 am and is filed under Breaches And Incidents, Malware, Targeted Attacks, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Film Review Site Aintitcool.com Hacked, Infected Visitors With Malicious PDFs

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »