Geek.com Spreading Malware via Invisible iFrame

Wednesday, May 18, 2011

Zscaler recently reported an attack on Geek.com, a website that has been a very popular resource for online technology information since 1996.

Hackers have managed to redirect users to malicious sites and are attempting to install malicious software on visitors' machines.

On Sunday, Zscaler reported that the main page of the site, including the "Homepage" and the "About Us" section, contains an invisible iframe with JavaScript downloaded from sites contaminated by a custom set of exploits.

The malicious code attempts to take advantage of vulnerabilities on the end user’s machine.

According to Zscaler:

If you look at the screenshot, you will notice that they feature the latest articles on the home page. The latest topic or article currently discussed is “Call of Duty: Modern Warfare 3 details leaked”. As this first article is highlighted and “Call of Duty” is a very popular game, one can assume that many people have fallen victim to this attack. It is in the article itself where the malicious Iframe has been injected.

The malicious Iframe redirects victims to a malicious website hosting an exploit kit. Once you visit, heavily obfuscated JavaScript is returned which will target various known vulnerabilities. Here is what the exploit looks like:

Unfortunately, hundreds of similar attacks are conducted on a daily basis against web pages like the ones displayed.

Many legitimate web resources are susceptible to compromise because of their administrators' lack of experience in web application programming, and are often used by cybercriminals to spread their malicious software.

Attackers are always looking for popular sites and news portals, and attempt to use them as platforms for their attacks. Users should always remember that safe sites do not exist.

Contributed by SecTechno

Johnny Wong: I have a noob question: how did the iframe get onto the site in the first place? Was the HTML code injected through a traditional attack like SQL Injection?