informationweek.com hacked?

Discussion in 'malware problems & news' started by Cerxes, Nov 14, 2007.

Thread Status:
Not open for further replies.
  1. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Something funny is going on at informationweek.com because every time I enter the site a popup shows up asking for permission for downloading a file called: "player.swf" from the server: "natalie.feedrom.com". I looked up this server and it seems to have some connection to several porn sites. Ironic, as I was reading an articel at informationweek.com regarding drive-by infections...

    /C.
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I just went to that website and I did not get that pop up. o_O
     
  3. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I´m rather sure that it was at informationweeek.com I got the pop-ups, because I ran several tests and I cleaned the browser cache after each visit, both with Operas own cleaning tool but also with CCleaner. So it wasn´t something I got from visiting other sites. But maybe I´ve overlooked something...o_O

    /C.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    The download is triggered by an iframe:

    infoweek.jpg
    _____________________________________________________________________

    Whether or not you get a prompt may depend on several things.

    1) Using Opera, I did not get a prompt but I block flash.

    2) Using IE6 I got a prompt, and it wants to download flash9d.ocx which I don't have. So, if a system already has the latest player, maybe you don't get a prompt?

    The player might be for the video listed at the upper right of the web page. This is the page code:

    Code:
    <!-- NEW LARGER PLAYER TO USE Tues THRU Thurs -->
    
    <div id="option">
    
    <iframe src="http://natalie.feedroom.com/techwebtv/showcase/Player.swf?site=techwebtv&skin=showcase
    &fr_chl=952223b16f52abbd5ab9bb81ba77a65d2e25e172&stories=&env=prod " 
    allowFullScreen="true" height="380" width="320" frameborder = "0"></iframe>
    
    </div>
    
     
    
    <!-- FRIDAY ITCH VIDEO AUTO with humorous and sponsored tag TO USE Fri THRU Mon -- NEED NEW ID # EVERY WEEK
    
    <div id="option">
    
    <CENTER><droplet src="/GLOBAL/btg/fridayitchvideo_auto.jhtml">
    
      <param name="fr_story" value="d7d15f72c368b80a992c2f0152678ceb97a21a1d"/>
    
    </droplet></CENTER>
    
    </div> -->
    

    ----
    rich
     
  5. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    @rich: I want to add that I´m using the latest Flash Player. I also first thought that it was some sort of a video. But to be sure I googled for the server name and it showed some links containing the word "porn" in the description.

    /C.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    On further checking, using IE6, the attempted download is "Adobe Flash Player 9 ActiveX"

    I could not get the video to load, and I didn't want to install the flash upgrade from a download other than Adobe.

    A guess is that natalie.feedroom.com is hosting a video for informationweek.com.

    I don't blame you for not wanting to run something that isn't clearly identifiable.

    Some further checking:

    1) informationweek.com is rated here:

    http://www.lightspeedsystems.com/Ar...n=informationweek.com/story/showArticle.jhtml

    2) the file in question is listed here:

    Details for: informationweek.com
    http://64.233.161.103/search?q=cach...lie.feedroom.com/techwebtv&hl=en&ct=clnk&cd=4

    3) the "details" link by the file brings up a description/rating of the natalie.feedroom.com domain

    Website Details - feedroom.com
    http://www.lightspeedsystems.com/Ar...ie.feedroom.com/techwebtv/showcase/Player.swf

    This may be their hosting site, but it requires Flash 9 to work, so I couldn't view it:

    http://natalie.feedroom.com/techwebtv/


    ----
    rich
     
  7. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    My system has IE 6 with Adobe Flash 9.0.47 Active X. Something else must be blocking the pop up?
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.