Recently we encountered a very suspicious piece of code on some Joomla-powered webpages. The code looks garbled and seems to have no special meaning, and starts like this:
While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed at industrial companies’ websites.
The hacked legitimate websites contain a hidden iframe on their main pages.
It was brought to our attention by this thorough Eric Romang article that a new zero-day exploit (an exploit actively used by cybercriminals in the wild) targets a bug in Microsoft’s Internet Explorer (IE) 7 & 8, and with some help from Java, it could also be exploited on IE 9, as confirmed by the Metasploit firm. At this time, as there is no patch from Microsoft yet, what can you do?
I’m not sure if I mentioned this already, but my wife went for a week-long holiday with friends last Friday, so I’m quite busy babysitting this week, taking care of the kids and household, and, not surprisingly, running out of steam. That is my excuse for just having a very short post today. But back to the subject:
Do you know what the ultimate irony in the life of a virus analyst is?
It is when he needs some books about coding (actually, a book on the subject “language of math”) and the special online shop that deals with this kind of literature is itself infected… The bug name is “VBS:Obfuscated-gen” and because the site is still infected, I won’t disclose its name. Who knows. You might get tempted to go look around the site for some math or coding literature.
… and Michal (the victim), thank you for the tip.
New Zealand’s state MetService website was hijacked by malware (apparently a fake antivirus) during a particularly high time for traffic, according to a stuff.co.nz news article. The article has prompted more than 100 comments in the first day, mostly from understandably upset site visitors who may have picked up the malware on their computers.
Here, however, I just want to show you one comment, as it’s nice to see this sort of feedback in the real world. It’s no secret that we typically offer our free version in tests against our competitors’ paid-for versions, but even the results from independent testing facilities don’t feel as rewarding as feedback like this from our user community:
Fortunately for those MetService users who were not using avast!, they can install it now and run the avast! boot-time scan — and that should do the trick.
In the previous month the World Wide Web was subject to one of the heaviest attacks since it first came into existence. Thousands of legitimate websites were attacked by the Trojan horses JS:Redirector-H and JS:Redirector-J, the aim of which was to infect millions of unsuspecting users. avast! was the first antivirus program to detect the infection right at the start and all users of avast! were protected throughout the duration of the attack. Now, more than a month after the attack was first detected, it is possible to assess the attack.