September 18th, 2009
PBS.org hacked, serving malware cocktail
Some sections of the popular PBS.org Web site have been hijacked by hackers serving up a cocktail of dangerous exploits.
According to researchers at Purewire, attempts to access certain PBS Web site pages yielded JavaScript that serves exploits from a malicious domain via an iframe.
The malicious JavaScript was found on the “Curious George” page that provides content on the popular animation series.
A look at the code on the hijacked site shows malicious activity coming from a third-party .info domain.
The URL serves exploits that target a variety of software vulnerabilities, including those in Acrobat Reader (CVE-2008-2992, CVE-2009-0927, and CVE-2007-5659), AOL Radio AmpX (CVE-2007-6250), AOL SuperBuddy (CVE-2006-5820) and Apple QuickTime (CVE-2007-0015).
Purewire said the exploit site is part of a malware campaign that includes tens of similar Web sites hosted off of a handful of common IP addresses.
Read the Purewire blog for more information on this attack.
UPDATE: A representative for PBS.org tells me the malicious code has been removed from the site.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
