ZScaler recently reported about an attack on Geek.com, a website that has been a very popular resource for online technology information since 1996.
Hackers have managed to redirect users to malicious sites and are attempting to install malicious software on visitor's machines.
On Sunday, zScaler reported that the main page of the site - including the "Homepage" and the "About Us" section - contain an invisible iframe with JavaScript downloaded from sites contaminated by a custom set of exploits.
The malicious code attempts to take advantage of vulnerabilities on the end user’s machine.
According to zScaler:
If you look at the screenshot , you will notice that they feature the latest articles on the home page. The latest topic or article currently discussed is “Call of Duty: Modern Warfare 3 details leaked”. As this is first article is highlighted and “Call of Duty” is a very popular game, one can assume that many people have fallen victim to this attack. It is in the article itself where the malicious Iframe has been injected. (Click image to enlarge)
The malicious Iframe redirects victims to a malicious website hosting an exploit kit. Once you visit, heavily obfuscated JavaScript is returned which will target various known vulnerabilities. Here is what the exploit looks like: (Click image to enlarge)
Unfortunately, there are hundreds of similar attacks conducted on a daily bases on web pages like the ones displayed.
Many legitimate web resources are subject to cracking due to the admin's lack of experience in web application programming, and are often used by cybercriminals to spread their malicious software.
Attackers are always looking for popular sites and news portals, and attempt to use them as platforms for their attacks. Users have to always remember that safe sites do not exist.
Contributed by SecTechno
