Infected eWeek.com Redirects Users to Bogus AV Site

EWeek.com, a tech news site, recently ran into trouble when its main page was briefly compromised to serve a number of malicious programs. The infection, made possible by a commonly found browser exploit, was discovered by security software provider Websense on the morning of February 24, 2009.

Websense explained that when visitors browse eWeek's main page, a malicious advert hosted on the advertisement network DoubleClick redirects them to a hostile website through a series of iframes. The redirect takes the user either to a PDF document containing attack code or to an index.php file that leads to the malicious ad server. Then, without any user interaction, an executable file called winratit.exe is dropped into the user's temporary files folder. Following this, two more files are installed on the user's system, and these invariably start up.

The system's hosts file is also modified, so that if the user tries to visit the download sites of popular software to repair the contaminated system, he is diverted to a different site that serves another pernicious antivirus download. This rogue antivirus is called Anti-Virus-1. If the user decides to sign up for it, it connects to a site that gathers the user's payment details.

Additionally, according to Stephan Chenette, Security Research Manager at Websense, 16 different types of malicious programs were found infecting banner advertisements on eWeek.com, as reported by InternetNews on February 24, 2009. Chenette further disclosed that the malicious ad server was located in Latvia, a country in Eastern Europe.

Meanwhile, considering that the attack code is distributed through advertisements, Larry Seltzer, eWeek's Security Center Editor, said he believed that other websites were delivering the attack code on February 24, 2009, according to an eWeek blog post on February 2, 2009.
Seltzer added that eWeek was simply the first to break the news.

Cyber criminals' technique of distributing malware through advertisements is not new. In 2007, YNet, a news site in Israel, was similarly infected with malware and redirected its visitors to a bogus anti-spyware site.

» SPAMfighter News - 3/3/2009



