Wednesday, August 22, 2007 7:25 AM
cmosby
Websense® - Security Labs Alert: EDB Business Partner site compromise
August 21, 2007
Malicious Code / Malicious Website: EDB Business Partner site compromise
Websense® Security Labs™ has discovered that the Web site of EDB Business Partner (www.edbbusinesspartner.com) has been compromised and infects visitors with malicious code that attempts to drop two files. Websense customers are prevented from inadvertently visiting this site.
Both dropped files are malicious. The first file is a World of Warcraft trojan. The second file is designed to detect anti-virus protection.
The malicious code drops the malware through an old vulnerability in Internet Explorer (Microsoft Data Access Components Remote Code Execution, MS06-14). The compromised site contains a link to an external .js file that is hosted on a Web site we had previously categorized in our database as malicious.
EDB Business Partner is a hosting company that is known to host demanding business solutions like online banking systems, with over 1.4 million users. We have not detected any of the banking systems to be infected. We have notified EDB about this problem.
Screenshots of the infected page and its source code (the highlighted circle shows the 1x1 pixel malicious iframe):

Source: Websense® - Security Labs Alert: EDB Business Partner site compromise
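For site owners who want to check their own pages for the two markers described in the alert (an effectively invisible iframe and a script reference to a host already categorized as malicious), a minimal scanner follows. It is an added example, not code from Websense or from the original post; the blocklist entry, host names and sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical blocklist of hosts already categorized as malicious (constructed).
BLOCKLIST = {"malicious.example"}

# Constructed sample page: one legitimate script and iframe, one injected of each.
SAMPLE = """<html><body>
<script src="/js/menu.js"></script>
<script src="http://malicious.example/1.js"></script>
<iframe src="http://malicious.example/x.htm" width="1" height="1"></iframe>
<iframe src="/help.html" width="600" height="400"></iframe>
</body></html>"""

class InjectionScanner(HTMLParser):
    """Records hidden iframes and script/iframe sources on blocklisted hosts."""
    def __init__(self, page_host, blocklist):
        super().__init__()
        self.page_host, self.blocklist, self.findings = page_host, blocklist, []

    @staticmethod
    def _tiny(value):
        # A dimension of 0 or 1 (with or without "px") is effectively invisible.
        return (value or "").strip().lower().replace("px", "") in {"0", "1"}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        # Relative URLs have no hostname, so they resolve to the page's own host.
        host = (urlparse(src).hostname or self.page_host).lower()
        if tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = ((self._tiny(a.get("width")) and self._tiny(a.get("height")))
                      or "display:none" in style or "visibility:hidden" in style)
            if hidden:
                self.findings.append(("hidden-iframe", src))
        if tag in ("script", "iframe") and host in self.blocklist:
            self.findings.append(("blocklisted-host", src))

def scan(html, page_host, blocklist=BLOCKLIST):
    s = InjectionScanner(page_host, blocklist)
    s.feed(html)
    s.close()
    return s.findings

if __name__ == "__main__":
    for kind, src in scan(SAMPLE, "www.site.example"):
        print(kind, src)
```

A hidden iframe alone is not proof of compromise, since some legitimate widgets use them; the blocklist match is the stronger signal.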