
Websense Security Alert

February 2009 by Websense

Websense® Security Labs ThreatSeeker Network has discovered that the eWeek.com Web site is serving malicious advertisements (malvertisements) to visitors.

eWeek.com is the online version of the popular business computing magazine. When users browse to the home page of eWeek, a malvertisement hosted on the DoubleClick advertisement network performs a redirect to a malicious Web site through a series of iframes.

Either a PDF document containing exploit code is served, or index.php redirects to the rogue ad-server.

With no user interaction, a file named "winratit.exe" (MD5: 12DA1D62B7335CBE6D6EA270247BBC1) is installed in the user’s temporary files folder. Two additional files are dropped onto the user’s machine and are bound to startup. The hosts file is also modified so that if the user tries to browse to popular software download sites to remedy the infected machine, s/he is instead directed to a malicious Web site offering further rogue AV downloads.
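The hosts-file change described above can be checked for during triage. The following is an added example, not code from Websense: the alert does not name the affected download sites, so the watchlist domains, the sample hosts content and the function names are constructed placeholders.

```python
import ipaddress

# Hypothetical watchlist: the alert does not list the download sites involved.
WATCHED_SUFFIXES = ("download.example", "antivirus.example")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, kind) for watched domains pinned in hosts.

    These sites normally resolve through DNS, so any static entry is worth a
    look: 'redirect' points the name at another server, 'block' sinkholes it.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not any(name == s or name.endswith("." + s) for s in watched):
            continue
        kind = "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((line_no, name, str(ip), kind))
    return findings


# Constructed sample of a tampered hosts file (documentation address ranges).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.download.example download.example   # added by malware
203.0.113.7     update.antivirus.example
0.0.0.0         ads.tracker.example
127.0.0.1       www.antivirus.example
10.0.0.5        intranet.corp.example
"""

if __name__ == "__main__":
    for line_no, name, ip, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

On Windows the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`.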

The name of the rogue AV application is Anti-Virus-1. If the user chooses to register the rogue AV, a connection is made to hxxp://[removed]-site.info/ which has been set up to collect payment details.

Websense® Security Labs has let eWeek know about the problem and they are working to fix it.

Websense Messaging and Websense Web Security customers are protected against this attack.

