High-profile Advertiser Media-servers.net Website Hacked, Serving Exploits Cocktail
Websense Security Labs has reported that the site media-servers.net has been compromised and injected with malicious code. The Web site belongs to a high-profile Internet advertiser. It’s important to note that media-servers.net serves advertising content from ad.media-servers.net, and that this site is clean.
The injected code is part of an ongoing mass injection campaign that has compromised thousands of legitimate Web sites. The exploits associated with this attack are:
Microsoft DirectShow CVE-2008-0015
Microsoft Snapshot Viewer CVE-2008-2463
Microsoft Data Access Components (MDAC) CVE-2006-0003
AOL ConvertFile() remote buffer overflow exploit
There is also an autoloading malicious PDF file that targets the following vulnerabilities:
Adobe Reader and Acrobat 8.1.1 buffer overflow CVE-2007-5659
Adobe Acrobat and Reader 8.1.2 buffer overflow CVE-2008-2992
If the user’s browser is successfully exploited, a malicious file is downloaded from another collaborating exploit site and run in the user’s Windows home directory. The malicious file (SHA1: 6776489a0ed889fbabb317763c7c913fdc782631) had an extremely low AV detection rate at the time it was checked.
Credit: Websense Security Labs ThreatSeeker Network