Wednesday, March 05, 2008 7:28 AM cmosby

ZDNet Asia Compromised? - F-Secure Weblog : News from the Lab

 

ZDNet Asia Compromised?
Posted by Fei @ 04:28 GMT


ZDNet Asia is one of my bookmarked online resources that I frequently visit. The site is NOT compromised per se; rather, the site's search engine was abused by an attacker with queries of popular keywords. Leveraging the fact that the site is legitimate and has a high page rank, the popular search engines are returning some of these 'iFRAME'ed results in the first few pages of the search results. And the objective? To get the unsuspecting user to click on the link.
[Image: ZDNet Asia Search Results]
The last time we checked, 20,600 cached pages loading the iFRAME were found. Upon clicking on the malicious link, you get redirected to some of the Russian Business Network's IPs, and RBN is notorious for hosting not only malware but also rogue antivirus and antispyware applications. At the end of the redirects, the unsuspecting user might be a victim of a Zlob trojan.
We detect it as Trojan-Downloader:W32/Zlob.HOG.
Signing off,
Fei

Source: ZDNet Asia Compromised? - F-Secure Weblog : News from the Lab
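
For a site operator, the abuse described in the post shows up in web server logs as search requests whose query carries HTML markup. The following is an added example, not code from F-Secure or ZDNet Asia; it assumes the markup arrives in the search query string, and the /search path, the "q" parameter name and all log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (not real traffic). The /search path
# and the "q" parameter are assumptions, not taken from the original post.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Mar/2008:04:10:01 +0000] "GET /search?q=laptop+reviews HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Mar/2008:04:10:07 +0000] "GET /search?q=free+ringtones%3Ciframe+src%3D%2F%2Fexample.invalid%2F%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [05/Mar/2008:04:10:09 +0000] "GET /search?q=movie+trailers%253CIFRAME%2520src%253Dx%253E HTTP/1.1" 200 5298',
    '198.51.100.2 - - [05/Mar/2008:04:11:30 +0000] "GET /news/iframe-security-tips HTTP/1.1" 200 8044',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Tags that have no business appearing inside a keyword search.
MARKUP_RE = re.compile(r'<\s*(iframe|script|object|embed)\b', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %253C is also seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_injected_searches(lines, search_path="/search", param="q"):
    """Return (client_ip, decoded_query) for search requests carrying markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != search_path:
            continue  # only the search endpoint echoes the query back
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param:
                decoded = fully_decode(value)  # parse_qsl decoded once already
                if MARKUP_RE.search(decoded):
                    hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for ip, query in flag_injected_searches(SAMPLE_LOG):
        print(ip, repr(query))
```

Hits like these indicate result pages that should HTML-escape the echoed query and be excluded from search-engine indexing.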
