
WSLabs, Malicious Code / Malicious Website: EDB Business Partner site compromise

Posted on 22 August 2007
Websense Security Lab

Websense® Security Labs(TM) has discovered that the Web site of EDB Business Partner (www.edbbusinesspartner.com) has been compromised and infects visitors with malicious code that attempts to drop two files. Websense customers are prevented from inadvertently visiting this site.

Both dropped files are malicious. The first is a World of Warcraft trojan. The second is designed to detect anti-virus protection. The malicious code drops the malware through an old vulnerability in Internet Explorer (Microsoft Data Access Components Remote Code Execution, MS06-14). The compromised site contains a link to an external .js file hosted on a Web site that we had previously categorized in our database as malicious.
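A site operator can look for this kind of injected reference by listing every external script a page loads and comparing each host against a categorization list. The following is an added example, not Websense code; the host names, the `MALICIOUS_HOSTS` set and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for a URL-categorization database (hypothetical host).
MALICIOUS_HOSTS = {"bad-scripts.example"}

class ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def is_listed(host, listed=MALICIOUS_HOSTS):
    """True if the host or any parent domain is in the listed set."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))

def audit_page(page_url, html, listed=MALICIOUS_HOSTS):
    """Return (external_scripts, flagged_scripts) as absolute URLs."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    page_host = (urlsplit(page_url).hostname or "").lower()
    external, flagged = [], []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        host = (urlsplit(absolute).hostname or "").lower()
        if not host or host == page_host:
            continue  # same-origin script, not an external reference
        external.append(absolute)
        if is_listed(host, listed):
            flagged.append(absolute)
    return external, flagged

# Constructed sample page: one local script, one unlisted CDN, one listed host.
SAMPLE_HTML = """<html><head>
<script src="/js/menu.js"></script>
<script SRC="//cdn.example.net/lib.js"></script>
<script src="http://Static.Bad-Scripts.example/a.js"></script>
</head><body>...</body></html>
"""

if __name__ == "__main__":
    print(audit_page("http://www.hosting.example/", SAMPLE_HTML))
```

Matching on whole domain labels means a subdomain of a listed site is flagged, while an unrelated host that merely ends with the same characters is not.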

EDB Business Partner is a hosting company that is known to host demanding business solutions like online banking systems, with over 1.4 million users. We have not detected any of the banking systems to be infected. We have notified EDB about this problem.

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=798

 
