Bargain shoppers watch out for compromised web sites
August 7th, 2008
Bargain shoppers should watch out. A popular e-commerce web site in the United Kingdom is infected with malicious content. We have blogged about infected web pages several times before and wanted to warn users about this as well. A normal web surfer would not recognize anything suspicious, but a closer look at the actual HTML source would reveal the infection:

The attackers managed to insert a malicious and “invisible” IFRAME into the web site. So a surfer looking for the latest offers on gadgets like MP3 players, digital cameras or other technical goodies who visits the page in question would end up rendering the IFRAME, which causes the browser to load the malicious code from the attacker’s site. In this case, an IP address from the United States would present the browser with some obfuscated script code.
A closer look into the malicious code reveals that the malware authors try to leverage the recent Zero-Day vulnerability in the “ActiveX Control for the Snapshot Viewer for Microsoft Access” (see the Microsoft Security Advisory (955179) for details). Proof-of-Concept code to exploit this vulnerability is publicly available on the Internet.
The Secure Anti-Malware Engine proactively blocks the infected web site as ‘Script.Infected.WebPage.Gen’ and the obfuscated script code loaded from the malicious exploit server as ‘Script.Rce.Gen’. So regardless of which new vulnerability now finds its way into the attacker’s arsenal of exploits, the risk is mitigated by blocking it from the very beginning.
Author: Anti-Malware Team