November 7th, 2007

MSNBC Turkish site caught serving malware

Posted by Ryan Naraine @ 5:13 pm

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Metasploit, Microsoft, Passwords, Patch Watch, Pen testing, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Wi-Fi security, Zero-day attacks

Tags: Websense Inc., Malware, MSNBC, Site, SANS Internet Storm Center, Scripting Languages, Security, Viruses And Worms, Software/Web Development, Web Development

Websense is reporting that MSNBC’s Turkish site was caught in a mass defacement hacker attack that redirected readers to exploit servers hosted in China.

From a Websense alert:

At the time of this writing, the site was infected with malicious code designed to infect the site’s visitors through the use of an external JavaScript file. The file contained the malicious JavaScript code that was hosted in China.

Visitors to the Web site were infected with an exploit code tailored to their browser. Assuming that the visitors were vulnerable, password stealing code was installed and executed on their desktops, without requiring any user intervention…

This is a Microsoft site, hosted by a partner. We are actively working with Microsoft’s security personnel to fix the issue.

The SANS Internet Storm Center is reporting that the infection occurred via SQL injection.

From my checks, it appears that the MSNBC Turkish site is now clean and the Chinese exploit server is down.