CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 16th, 2008

Adobe Redirects Surfers To Malware Installing Malicious Sites

SophosLabs discovered last week that Adobe is hosting a web page that redirects unsuspecting visitors to websites that attempt to install malware on vulnerable machines. The company was informed of the problem on Friday, but six days later, it still hasn’t been fixed.

The infection, which resides at www.seriousmagic.com/help/tuts/tutorials.cfm?p=1, instructs users’ browsers to silently install a malicious file from a series of domains known to host attack sites. Adobe announced its acquisition of Serious Magic two years ago, and whois records indicate the company is the owner of the seriousmagic.com domain:

seriousmagic.com

66.240.157.68

Adobe Systems Incorporated
345 Park Avenue
San Jose, CA 95110
US

Admin, DNS [email protected]
345 Park Avenue
San Jose, CA 95110
US
+1.4085366000

ADOBE-DNS.ADOBE.COM
ADOBE-DNS-3.ADOBE.COM
ADOBE-DNS-2.ADOBE.COM

Adobe was notified of the infected page on Friday. Currently, the link is still trying to redirect users to a series of malicious sites, including abc.verynx.cn/w.js and 1.verynx.cn/w.js. While those links no longer appeared to be active, two other sites used in the attack, jjmaobuduo.3322.org/csrss/w.js and www2.s800qn.cn/csrss/new.htm, were still active. Do NOT visit those links as they might infect your computer.

The sites are associated with malware that spreads by infecting legitimate sites using SQL injections. Such attacks take advantage of web developers who write SQL database applications that accept user-supplied data without inspecting it for malicious characters. They work across a broad array of web applications.
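A site owner can catch this kind of compromise by checking rendered pages for script or iframe includes that point at hosts the site never uses. The following is an added example, not code from SophosLabs, Adobe or the original article; it assumes the redirect is delivered as a `<script src>` element (the article lists the URLs but does not show the markup), and the allowlist, sample HTML and file paths in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from (hypothetical allowlist).
ALLOWED_SCRIPT_HOSTS = {"www.seriousmagic.com", "seriousmagic.com", "www.adobe.com"}


class IncludeCollector(HTMLParser):
    """Collects the src attribute of every <script> and <iframe> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append((tag, src.strip()))


def find_offsite_includes(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (tag, src, host) for each include whose host is not allowlisted."""
    collector = IncludeCollector()
    collector.feed(html)
    findings = []
    for tag, src in collector.sources:
        # Absolute and scheme-relative (//host/x.js) URLs carry a host;
        # relative paths resolve to the page's own host.
        host = (urlparse(src).hostname or page_host).lower()
        if host not in allowed:
            findings.append((tag, src, host))
    return findings


# Constructed sample: a database-backed heading with a script tag appended to
# the stored text. The off-site URL is one of those named in the article; the
# other paths are made up for illustration.
SAMPLE_HTML = """
<html><head><script src="/js/site.js"></script></head>
<body>
<h1>Tutorials<script src="http://abc.verynx.cn/w.js"></script></h1>
<script src="//www.adobe.com/lib/player.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for tag, src, host in find_offsite_includes(SAMPLE_HTML, "www.seriousmagic.com"):
        print(f"off-site <{tag}> include: {src} (host {host})")
```

Running the same check over text columns in the database, rather than only over rendered pages, finds injected tags in rows that are not currently displayed.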

With Fortune 1000 companies such as Adobe punting malicious links, it’s no wonder security experts estimate that more than half of the websites hosting malware were legitimate destinations that had been hacked. Sensitive government websites on both sides of the Atlantic have also been commandeered over the past year.

Sophos has been trying to contact Adobe since Friday to advise them of the problem, and as yet have had no response.


    2 Responses to “Adobe Redirects Surfers To Malware Installing Malicious Sites”

    1. Travis Farral Says:
      October 17th, 2008 at 8:03 am

      I notified NetIQ about a similar problem on their website at this address: https://www.netiq.com/f/form/form.asp?id=2204

      It attempts to install malware from http://www.killpp.cn. As of right now, this malicious link is still active on that page.


    2. Protect your computer.
      If you are like me then you have probably tried many different types of scans to try and protect your computer. There are many different options available but I have found that most of them pick up the same bugs whether you pay for the scan or download a free version. Search-and-destroy (http://www.search-and-destroy.com) is one of the best that I have found so far and it costs less than many of the other well-known scans on the market today. If you are searching for a good scan I suggest that you check out the antispyware solution from Search-and-destroy.

