IDG News Service >
 

Curious George’s latest mischief: malware

o Ellen Messmer
17.09.2009 kl 19:59 |

The Public Broadcasting System’s Web site has been infected at a section related to the Curious George children’s TV show and when the fake authentication page doesn’t work for the user, tries to drop malware on them, researchers said Thursday.

 

The Public Broadcasting System's Web site has been infected at a section related to the Curious George children's TV show and when the fake authentication page doesn't work for the user, tries to drop malware on them, researchers said Thursday.

When the log-in page fails, the end user is served an error page with malicious JavaScript that drags the user to a malicious domain where an attempt to exploit vulnerabilities on the user's desktop applications is made, says Paul Royal, principal researcher at security firm Purewire.

The attacks includes attempts against known vulnerabilities in Acrobat Reader, an AOL ActiveX control, Apple QuickTime and others. There are patches to correct these application vulnerabilities but if the user hasn't applied the patches, the exploit observed by Purewire at the PBS.org Web site could be successful in installing malicious code on the victim's desktop computer.

Slideshow: 20 useful IT security Web sites 

The malicious domain -- qxfcuc.info -- was registered through registrar eNom, Royal says. The registrant's identity is not public, perhaps because the registrant paid a $10 a year fee that is typically charged to keep identity private, he adds.

Purewire researcher Nidhi Shah indicated that the security firm first observed the PBS.org Web site malware infection on Monday because the Purewire service used by a customer picked it up. Purewire sought to notify PBS about the matter via e-mail but has so far not received a response.

Web sites are increasingly being compromised by malware, as the Websense Security Labs "State of Internet Security Report Q1 -- Q2 2009," published Wednesday, points out. The report says the growth in the number of malicious Web sites has more than tripled in the period and 77% of the Web sites with malicious code are legitimate, trusted sites that have been compromised.

Keywords: Security  
Latest news from IDG News Service

Copyright 2009 IDG Magazines Norge AS. All rights reserved

Postboks 9090 Grønland - 0133 OSLO / Telefon 22053000

Ansvarlig redaktør Henning Meese / Utviklingsansvarlig Ulf Helland / Salgsdirektør Tore Harald Pettersen