Websense Security Labs Alert: the Center for Defense Information (CDI) Web site has been compromised
July 2009 by Websense
Websense Security Labs ThreatSeeker Network has discovered that the Center for Defense Information (CDI) Web site has been compromised.
The site is injected with a JavaScript code that exploits the latest Microsoft Office Web Components Control vulnerability, as shown below. The vulnerability is in the Internet Explorer ActiveX control used to display Excel spreadsheets (CVE-2009-1136).
The exploit code pushes a Trojan from hxxp://vicp.cc/. The Trojan has more than 50% detection. Note that Microsoft provides a workaround for the problem in their Fixit program.
Websense Messaging and Websense Web Security customers are protected against this attack.