informationweek.com hacked?

Discussion in 'malware problems & news' started by Cerxes, Nov 14, 2007.

Thread Status:
Not open for further replies.
  1. Cerxes

    Cerxes Registered Member

    Something funny is going on at informationweek.com because every time I enter the site a popup shows up asking for permission to download a file called "player.swf" from the server "natalie.feedrom.com". I looked up this server and it seems to have some connection to several porn sites. Ironic, as I was reading an article at informationweek.com regarding drive-by infections...

    /C.
     
  2. ccsito

    ccsito Registered Member

    I just went to that website and I did not get that pop up. o_O
     
  3. Cerxes

    Cerxes Registered Member

    I'm rather sure that it was at informationweek.com I got the pop-ups, because I ran several tests and I cleaned the browser cache after each visit, both with Opera's own cleaning tool and with CCleaner. So it wasn't something I got from visiting other sites. But maybe I've overlooked something...o_O

    /C.
     
  4. Rmus

    Rmus Exploit Analyst

    The download is triggered by an iframe:

    infoweek.jpg
    _____________________________________________________________________

    Whether or not you get a prompt may depend on several things.

    1) Using Opera, I did not get a prompt but I block flash.

    2) Using IE6 I got a prompt, and it wants to download flash9d.ocx which I don't have. So, if a system already has the latest player, maybe you don't get a prompt?

    The player might be for the video listed at the upper right of the web page. This is the page code:

    Code:
    <!-- NEW LARGER PLAYER TO USE Tues THRU Thurs -->
    
    <div id="option">
    
    <iframe src="http://natalie.feedroom.com/techwebtv/showcase/Player.swf?site=techwebtv&skin=showcase
    &fr_chl=952223b16f52abbd5ab9bb81ba77a65d2e25e172&stories=&env=prod " 
    allowFullScreen="true" height="380" width="320" frameborder = "0"></iframe>
    
    </div>
    
     
    
    <!-- FRIDAY ITCH VIDEO AUTO with humorous and sponsored tag TO USE Fri THRU Mon -- NEED NEW ID # EVERY WEEK
    
    <div id="option">
    
    <CENTER><droplet src="/GLOBAL/btg/fridayitchvideo_auto.jhtml">
    
      <param name="fr_story" value="d7d15f72c368b80a992c2f0152678ceb97a21a1d"/>
    
    </droplet></CENTER>
    
    </div> -->
    

    ----
    rich
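
Added example, not part of the thread or any poster's code: a small Python check that does what post 4 does by hand, listing the elements in a page's source that are fetched from a different site than the page itself. The function names, the last-two-labels site heuristic and the sample markup are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose attribute makes the browser fetch another resource.
FETCHING = {"iframe": "src", "frame": "src", "script": "src",
            "embed": "src", "object": "data"}

def site_of(host):
    """Crude site key: last two DNS labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class EmbedFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlsplit(page_url).hostname or "")
        self.found = []  # (tag, host, resolved_url)

    def handle_starttag(self, tag, attrs):
        attr = FETCHING.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Long URLs get wrapped in page source; drop the whitespace first.
        url = urljoin(self.page_url, "".join(value.split()))
        host = urlsplit(url).hostname or ""
        if host and site_of(host) != self.page_site:
            self.found.append((tag, host, url))

def third_party_embeds(page_url, html):
    """Return embeds fetched from a different site than the page itself."""
    finder = EmbedFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.found

# Constructed sample modeled on the page source quoted in the post above;
# the commented-out iframe and its host are made up.
SAMPLE = """<div id="option">
<iframe src="http://natalie.feedroom.com/techwebtv/showcase/Player.swf?site=techwebtv
&env=prod " height="380" width="320"></iframe>
</div>
<script src="/js/site.js"></script>
<!-- <iframe src="http://old.example.net/x.swf"></iframe> -->
"""

if __name__ == "__main__":
    for tag, host, url in third_party_embeds("http://www.informationweek.com/", SAMPLE):
        print(tag, host, url)
```

Markup inside HTML comments is not reported, since the browser never loads it.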
     
  5. Cerxes

    Cerxes Registered Member

    @rich: I want to add that I'm using the latest Flash Player. I also first thought that it was some sort of a video. But to be sure I googled for the server name and it showed some links containing the word "porn" in the description.

    /C.
     
  6. Rmus

    Rmus Exploit Analyst

    On further checking, using IE6, the attempted download is "Adobe Flash Player 9 ActiveX".

    I could not get the video to load, and I didn't want to install the flash upgrade from a download other than Adobe.

    A guess is that natalie.feedroom.com is hosting a video for informationweek.com.

    I don't blame you for not wanting to run something that isn't clearly identifiable.

    Some further checking:

    1) informationweek.com is rated here:

    http://www.lightspeedsystems.com/Ar...n=informationweek.com/story/showArticle.jhtml

    2) the file in question is listed here:

    Details for: informationweek.com
    http://64.233.161.103/search?q=cach...lie.feedroom.com/techwebtv&hl=en&ct=clnk&cd=4

    3) the "details" link by the file brings up a description/rating of the natalie.feedroom.com domain

    Website Details - feedroom.com
    http://www.lightspeedsystems.com/Ar...ie.feedroom.com/techwebtv/showcase/Player.swf

    This may be their hosting site, but it requires Flash 9 to work, so I couldn't view it:

    http://natalie.feedroom.com/techwebtv/


    ----
    rich
     
  7. ccsito

    ccsito Registered Member

    My system has IE 6 with Adobe Flash 9.0.47 Active X. Something else must be blocking the pop up?
     