Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

ECPAT NZ INC Courtesy Site: Mass Injection

Date:11.04.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered that an ECPAT NZ INC courtesy site is infected with a mass JavaScript injection that delivers a malicious payload. Multiple pages on the site have been mass injected attempting to deliver malicious payloads from 20 different hosts.

ECPAT is a global network of organizations and individuals working together for the elimination of child prostitution, child pornography, and the trafficking of children for sexual purposes. ECPAT NZ plays a key role in liaising and bringing about cooperation between key government and sector groups involved in the areas of commercial sexual exploitation of children (CSEC).

In an effort to protect their visitors, Websense Security Labs is working closely with ECPAT NZ INC to advise on the threats on their Web site. The ThreatSeeker Network has been tracking how such attacks prevail over reputed and significant Web sites, targeting their peers and other visitors.

Screenshot of the infected site: 

 


Screenshot of the infected site source and malicious payloads: 

 


Websense Messaging and Websense Web Security customers are protected against these threats.