Security Firm Trend Micro a Victim of Latest iFrame Attacks
Nothing is so humorous as when the web site of a security vendor gets hacked. OK, OK, it was hilarious when the RIAA site was hacked, too. And I'll admit: it's probably not as funny if it's your security vendor.
Earlier this week a massive attack on websites via iFrame was launched. According to McAfee's Avert Labs site:
This attack involves injection of script into valid web page to include a reference to a malicious .JS file (sometimes in the BODY, other times in the TITLE section). The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several vulnerabilities.These vulnerabilities have already been patched, but some, as listed on McAfee's site, appear to involve obscure ActiveX controls that site owners may not have known to patch. That wouldn't explain Trend Micro's problems, though.
Users are redirected by the hacked page to another site, which will try to install malware. Of course, a savvy user would cancel such an install. Someone more trusting might accept it. If they're lucky, their antivirus program will catch it. If not ...
Trend Micro confirmed that the web site had been hacked early in the week with these types of pages, but the pages were taken down and scrubbed clean on Tuesday night.
While this is of course, humorous, it's more so because Trend Micro is one of the larger security vendors. You'll recall that earlier in the year a small Indian firm was serving up a virus.
2 comments:
these are very aggressive attacks, and system admins should be ready to prevent their clients from getting exploited and redirected to those malicious domains.
check here
http://extremesecurity.blogspot.com/2008/03/iframe-attacks-actions-to-be-taken.html
As a system admin, you should secure IE settings to put an end to those ActiveX exploits, besides, don't forget to patch the original vulnerabilities first.
http://extremesecurity.blogspot.com/2008/03/ie-activex-security-101.html
Post a Comment