Alerts
Sohu Web Site in China Compromised
Date: 12.26.2008
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker™ Network has discovered that Sohu, a large portal site in China, has been compromised and is infecting site visitors with malicious code. The malicious code was inserted into the horoscope page of the site and leads to many exploits, such as Microsoft AdoDB / XML HTTP (MS06-014), RealPlayer, Sina DLoader, and Global Link Lianzhong. These exploits were also used in the Peking University and HuaZhong Normal University mass injections a few days ago.
Sohu is one of the largest and most highly reputable portal sites in China, providing popular services such as email, social networking, forums, online TV, news, and more. Sohu typically ranks 59th in traffic in the Alexa Top Sites and plays an important role in the daily lives of many people.
Here is a screen shot of the infected site:
This screen shot shows a portion of the malicious code:
Websense Messaging and Websense Web Security customers are protected against this attack.







