NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0453 Massive IFrame Attack Expands to Prime Sites:
The massive attacks against hundreds of thousands of Web pages that started earlier this
month has spread to some of the internet's most prominent sites, including those for
USAToday.com, ABCNews.com, News.com, Target.com, Walmart.com, Bloomingdales.com, WebShots.com,
Sears.com, Forbes.com, Circuitcity.com, Epinions.com, JCPenney.com and those for the
University of Vermont and Boise State University, researchers said 28MAR. The Bulgarian
security researcher who first reported the attacks two weeks ago, said that the attacks
had spread to a long list of high-profile sites, which have had their search results
poisoned with malicious IFrame code. "The attack's been ongoing for almost a month now,"
he said in an email. According to both a follow-up post by the researcher to his own
blog and analysis conducted by researchers at Symantec Corporation, hackers have inserted
IFrame code into the saved search results of an unknown number of legitimate sites. People
who visit those sites and use the compromised search tool are redirected by the IFrame code
to rogue security software and bogus codec sites, which in turn download malware to the
victimized Windows PCs. The attack code that eventually ends up on users' machines includes
newer variants of the Zlob Trojan horse, as well as other backdoors and downloaders. Users
can protect themselves by rejecting any request to download an unexpected codec or security
program.
(ComputerWorld 28MAR08)