Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Hackers Injected Malicious Code in MSN Canada Website

Researchers at security firm 'Websense' have claimed that a particular section of MSN Canada contains a malicious code that directs users to another website.

They further explain that users are redirected from msn.ca to sympatico.msn.ca. The redirected website is owned by Bell Canada, famous for its Internet Service Provider (ISP) 'Bell Internet' (formerly known as Simpatico).

It has been discovered that the infected website is quite popular in Canada for its all online services that are available on MSN portal.

Jay Liew, a Security Researcher working with Websense, observed a very strange activity on the website msn.ca when he was surfing it to avail the service of cinema.sympatico.msn.ca, said news reports.

Liew said that an obfuscated JavaScript code was injected into the Index page with the intention of taking users to unidentified malware host. The escaped code led to the insertion of iFrame, which, in turn, loaded malicious content from a remotely located domain name which had been previously linked to malicious activities. Moreover, this domain was used by hackers to hide their payload.

Websense has completed its task of informing the owners of MSN Sympatico about the finding of malicious content.

After the announcement of no malware on the website by Microsoft, Websense has also confirmed the non-existence of malicious code. Web attacks, commonly used for code cross injection, are called cross-site scripting (XSS) attacks. XSS assaults are sometimes happened due to failure of properly sanitizing user input in web forms and come under a sub-category of web code injection flaws.

This incident has highlighted that the dangers and extensive use of XSS bugs to target computer users. Popular companies like MSN that are well acquainted of them fall victims to such attacks. Hence, these websites have to find out solutions that could mitigate these attacks.

In addition, Websense security researchers have found another type of attack 'SQL injection' that could be used to infect the msn.ca page though the possibilities are very less.

Hence, it becomes necessary for website owners to stay alert to evade such malicious attacks in such a time when malware are used in every possible way to compromise websites.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

ยป SPAMfighter News - 6/22/2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page