Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

CNET Networks site compromise

Date:08.06.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered that a CNET Networks site has been compromised. The main page of the CNET Clientside Developer Blog contains malicious JavaScript code that de-obfuscates into an iframe that loads its primary malicious payload from a different host.

The malicious code is observed to exploit a known integer overflow vulnerability in Adobe Flash (CVE-2007-0071). At the time of this alert, the site is still hosting the malicious code. Visitors who are not patched against this vulnerability will be infected without any user interaction.

Screenshot of infected site:

Screenshot of the malicious payload:

Software vulnerable to this attack includes:
- Adobe, Flash Player, 9.0.115.0, and previous
- Adobe, Flex, 3.0
- Adobe, AIR, 1.0

Websense Messaging and Websense Web Security customers are protected against this attack.