Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 10th, 2009

High-profile Advertiser Website Hacked, Serving Exploits Cocktail

Websense Security Labs has reported that the site has been compromised and injected with malicious code. The Web site belongs to a high-profile Internet advertiser. It’s important to note that serves advertising content from, and that this site is clean.

The injected code is part of an ongoing mass injection campaign that has compromised thousands of legitimate Web sites. The exploits associated with this attack are:

Microsoft DirectShow CVE-2008-0015
Microsoft Snapshot Viewer CVE-2008-2463
Microsoft Data Access Components (MDAC) CVE-2006-0003
AOL ConvertFile() remote buffer overflow exploit

There is also an auto-loading malicious PDF file that exploits the following vulnerabilities:

Adobe Reader and Acrobat 8.1.1 buffer overflow CVE-2007-5659
Adobe Acrobat and Reader 8.1.2 buffer overflow CVE-2008-2992

If the user’s browser is successfully exploited, a malicious file is downloaded from another collaborating exploit site and run in the user’s Windows home directory. The malicious file (SHA1: 6776489a0ed889fbabb317763c7c913fdc782631) had an extremely low AV detection rate at the time it was checked.

Credit: Websense Security Labs ThreatSeeker Network
