SecurityHome.eu WSLabs, Malicious Web Site / Malicious Code: MSNBC is latest victim in mass javascript injection

Home / mailings PDF

WSLabs, Malicious Web Site / Malicious Code: MSNBC is latest victim in mass javascript injection
Posted on 18 March 2008
Websense Security Lab
Websense(R) Security Labs(TM) has discovered that the official Web site of MSNBC Sports has been compromised with malicious code. This same attack has compromised dozens of other high-profile sites such as ZDNet, archive.org, wired.com, and history.com.

This attack has been discussed in our previous blog. A link to a malicious JavaScript file has been inserted into the source of the Web site. Visitors to the site execute the script, which attempts to gain access to the visitor's computer.

We have notified the owners of MSNBC of the malicious content on their site. It is important to note that the hub site that is hosting the malicious JavaScript is currently down.

References:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=179
http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=848

TOP

Mailings :

Last 20

Exploits :

Last 20