Malware injected into legitimate JavaScript code on legitimate websites

Discussion in 'malware problems & news' started by TheKid7, Feb 14, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Malware injected into legitimate JavaScript code on legitimate websites:
    http://nakedsecurity.sophos.com/2013/02/13/malware-javascript/
     
  2. Unless there's a redirect somewhere in there, that would also bypass Noscript and such. Lovely.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    There is a redirect.

    The i-frame contains the redirect URL. That URL has been taken down.

    Sophos update:

    When I initially went to the site, Opera displayed an alert:

    opera_fannywang-warning.jpg

    According to Opera's 'Fraud and Malware Protection Help', this means that the site has been reported and blacklisted.

    ----
    rich
     
  4. Ah sorry, lack of coffee there.

    A lot of these things seem to use iframes though. For my part, I generally tell Noscript to block frames and iframes; few sites seem to use them anyway these days, outside of ads...
     
Loading...
Thread Status:
Not open for further replies.