CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 1st, 2009

Torrentreactor.net Website Compromised, Serves Exploits Through IFRAME

Websense Security Labs has detected that Torrentreactor, one of the oldest and most reliable torrent search engines on the Web, has been compromised and injected with malicious code: an IFrame leading to a site laden with exploits. The exploits on the payload site target Internet Explorer (MDAC) and Microsoft Office Snapshot Viewer, as well as Adobe Acrobat Reader and Adobe Shockwave.

According to Websense, the malware has an extremely low detection rate, with just two of 32 anti-virus engines identifying the threat. Once executed, it installs a rootkit on victims’ machines. The infection proceeds in stages: if the user’s browser is successfully exploited, a malicious file is downloaded from the exploit site and run. The file is a Trojan downloader that connects to a bot C&C server at IP 78.109.29.116. After connecting, it downloads a rootkit installer from the same IP. This IP address has ties to the Russian Business Network.

This isn’t the first time that security researchers have reported Torrentreactor is foisting malware on its users. In March 2008, the site suffered a similar iframe attack, according to Dancho Danchev.

Credit: The Register
Credit: Websense Security Labs


One Response to “Torrentreactor.net Website Compromised, Serves Exploits Through IFRAME”

1. christine dreyer Says:
   October 5th, 2009 at 5:23 pm

   I have been trying to delete Torrentreactor; it just won’t budge.

