CBS Web Site Faces Malware Hack

Tags:  security  malware  hackers  Finjan  CBS 

  • By Liam Eagle, December 01, 2008

  •   Digg
      Delicious
    submit to reddit  Reddit
      Newsvine
      Stumbleupon
      Twitter
    Facebook

    (close)

    From:
    To:
    Share | Send | Print | Comments (0)

Verio Attracts Resellers with Free Month of VPS Hosting: Companies looking to boost revenues are finding Verio's Free VPS promotion the right fit for getting started as Hosting Reseller.

December 1, 2008 -- (WEB HOST INDUSTRY REVIEW) -- According to a report posted today by John E. Dunn of Techworld, Russian malware distributors succeeded in hacking the website of TV station CBS and using the site temporarily to distribute malware to the site's visitors.

The story credits security company Finjan with reporting the breach. Russian malware distributors were reportedly able to compromise a sub-domain of the CBS.com main site, serving remote malware to visitors through an iFrame attack - the placing of a single pixel of content from a remote site in a compromised page.

According to the report, the vulnerability of users to the attack would depend on the security software they were running, as well as their operating systems and browsers.

Yuval Ben-Itzhak, CTO of Finjan told Techworld that the company has seen an increase in the use of code obfuscation as a means of bypassing "traditional signature-based solutions."

Obfuscation, traditionally used in software programming to make reverse engineering difficult has gained traction in the malware world in the last several years as a means of "hiding" malicious code from the security programs that would seek to identify it.

According to Ben-Itzhak, the CBS case serves as an example of the fact that even the biggest websites can't necessarily be relied upon to be free of malicious content, and he recommends that web users "exercise caution at all times." There have been many recent examples of big-name sites compromised by iFrame and SQL injection attacks.

Techworld reports that Finjan had informed CBS of its site being compromised, but that the Russian exploit server had since been taken offline, leaving the attack inoperable for the time being.

OLDER:  ZNet Brings Hyper-V VPS to India | NEWER:  Logicworks Among Best NY Workplaces

Comment anonymously or log into your WHIR account

Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.

User:

Pass:

(reset password)

Don't have an account yet? Register now!


 

Related Content

Most Popular