Hackers Compromise Curious George Website for Malware Propagation

Researchers at Purewire (a vendor of web security solutions) discovered that the website of Public Broadcasting System (PBS), a TV service in the USA working on a non-profit basis, has been loaded with malware on the page of children's TV show "Curious George."

Nidhi Shah, Research Scientist at Purewire, states that when infection sets in as end-users access the "Curious George" website, a pop-up alert informs them that they need to validate by providing their username and password, as reported by SCMagazineUS on September 18, 2009.

But in case a user supplies incorrect credentials or just tries to close the pop-up, then a particular error page appears on the website telling him that his log-in process hasn't been properly carried out.

Giving details of the attack, Paul Royal, Principal Researcher at Purewire, said - if the log-in/authentication page doesn't work, a page displaying error message emerges but it contains malicious JavaScript, which forcibly takes the user to a malevolent URL, as reported by IdgNewsService on September 17, 2009.

Moreover, officials at Purewire discovered that the compromised website displaying malicious operations had connection with an intermediate (or third party) .info domain, which served attack codes. These malicious codes exploit several software flaws like ones within AOL SuperBuddy, AOL Radio AmpX, Apple QuickTime and Acrobat Reader.

In case, a user doesn't use a patch for these flaws, he becomes infected with malware.

Rather than finding out details of the well-known kids' TV show, the malware would hunt for details of the visitors to the website. Evidently, the attack represents the most recent one in the number of hacking, spamming and phishing attacks on social-networking websites.

Meanwhile, the method of hackers breaking into the website isn't clear, but it could be possible that they have abused an SQL injection flaw or gathered an FTP account's credentials, Shah said.

He also said that the tendency to hack into genuine websites for malware propagation was becoming popular among cyber criminals. According to Sophos (an online security company), infected websites were regarded as the greatest threat during January-June 2009.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 10/9/2009