Home / mailings WSLabs, Malicious Website / Malicious Code: MSNBC's Turkish site compromise
Posted on 08 November 2007
Websense Security LabWebsense® Security Labs(TM)'s ThreatSeeker(TM) technology has discovered that MSNBC's Turkish site has been compromised. At the time of this writing, the site was infected with malicious code designed to infect the site's visitors through the use of an external JavaScript file. The file contained the malicious JavaScript code that was hosted in China.
Visitors to the Web site were infected with an exploit code tailored to their browser. Assuming that the visitors were vulnerable, password stealing code was installed and executed on their desktops, without requiring any user intervention. The widespread of this malicious code has been confirmed by the SANS Internet Storm Center in their most recent incident handler's diary: http://isc.sans.org/diary.html?storyid=3621
This is a Microsoft site, hosted by a partner. We are actively working with Microsoft's security personnel to fix the issue. Websense security customers are protected against users connecting to the Web sites hosting the malicious code.
For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=817
