Malware Removed from Times of India Website
The Indian newspaper 'Times of India', whose Website receives heavy traffic, cleaned the site of malware within a few days of hackers attacking it with cross-site scripting code that was almost impossible to detect while it installed various kinds of malware on users' computers.
The Website came down as a result of a Web 2.0 attack in which the malware authors injected malicious scripts into several pages. The scripts linked to another site hosting iframes, which in turn connected to a couple of maliciously infected sites.
According to the experts, Indiatimes.com was pushing out 30 different types of malicious code that served as the payload for two kinds of Windows security flaws that had already been patched.
It was an effective combination of dropper trojans, downloader trojans and malicious files, which took the number of malevolent files involved to 434. The files included binaries, scripts, images and cookies, said Senior Researcher Mary Landesman at ScanSafe. InformationWeek published Landesman's statement on November 9, 2007.
In addition, the malicious files ensured that the included malware created sites to attack others or to enable malicious file sharing or communication. With that, the series of exploits would trigger automatically while nothing was visible to the Internet user.
No partner or customer of Microsoft has reported becoming a victim of this attack, said Director Mark Miller of Microsoft's security response team. SCMagazine published Miller's statement on November 13, 2007.
But ScanSafe is not sure of the source of nine more exploits that its researchers identified within the attack, although they think the exploits were developed using the open-source Metasploit Framework.
The attack is reminiscent of the surge of adware assaults some months back, said Landesman. Since malware today is much more treacherous, Landesman thinks these attackers demonstrated a rather clumsy way of operating.
ScanSafe is continuing its investigation of the attack, but because the site is so popular and the attack involves so much malware, security experts are urging users to act cautiously.
The compromise of the Times of India Website is the second major web hack in India. Before this, the Bank of India's Website was hacked in September 2007.
» SPAMfighter News - 27-11-2007