Malware injected into legitimate JavaScript code on legitimate websites

Discussion in 'malware problems & news' started by TheKid7, Feb 14, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,571
    Malware injected into legitimate JavaScript code on legitimate websites:
    http://nakedsecurity.sophos.com/2013/02/13/malware-javascript/
     
  2. Unless there's a redirect somewhere in there, that would also bypass Noscript and such. Lovely.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    There is a redirect.

    The i-frame contains the redirect URL. That URL has been taken down.

    Sophos update:

    When I initially went to the site, Opera displayed an alert:

    opera_fannywang-warning.jpg

    According to Opera's 'Fraud and Malware Protection Help', this means that the site has been reported and blacklisted.

    ----
    rich
     
  4. Ah sorry, lack of coffee there.

    A lot of these things seem to use iframes though. For my part, I generally tell Noscript to block frames and iframes; few sites seem to use them anyway these days, outside of ads...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.