CBS website bitten by iFrame hack
This year's fashionable attack strikes again.
By John Dunn | Techworld | Published: 12:04, 01 December 2008
TV network CBS has become the latest big name to have it website used to host malware, a security company has reported.
It appears that Russian malware distributors were able to launch another iFrame attack on a sub-domain of the cbs.com site so that it was serving remote malware to any visitors. A user's vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.
"This saga confirms our many previous warnings that obfuscated code posing a serious threat to Internet users' PCs, said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.
"Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," Ben-Itzak continued, taking a pop at the anti-virus products against which his company in part competes.
"It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he said.
Finjan has it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.
iFrame and SQL injection attacks on big-name websites have been one of the fashionable attacks of 2008, embarrassing a string of household names.
Comments
Sanjay Kumar said: My Self Sanjay Kumar i am operating httpwwwmoneyinhandscom Recently i found IFrame Element on website This Element automatically add on my website i dont know about this and in future please tell me details about how i can protect my website httpwwwmoneyinhandscom against any element or malware
Earle said: Telling us what to look out for to prevent detect and repair attacks on our PCs and websites would be most useful
Fearmongering. said: These kind of articles keep cropping up and they NEVER say anything important to the end userWHAT exactly is the exploit How does it effect peopleDoes it effect Macintosh or just WindowsDoes it effect Firefox or other browsers or just ExplorerDoes it only effect people with OLD versions of Flash and Acrobat and all someone needs to do to protect themselves is updateWHY do these articles never give the practical information people need about things like this and instead just scream the sky is falling