Malware
Mac
Facebook
Android
Vulnerability
Data loss
Privacy
More...

Search for:

Is Windows 7 safe? Sophos is ready, are you?

Malicious update for Microsoft Outlook / Outlook Express (KB910721)

How long has this been going on? Star's site infected

Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.

Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.

Don't forget you can subscribe to the SophosLabs YouTube channel to find all our latest videos.

Hi there! If you're new here, you might want to subscribe to our RSS feed for updates.

Already using Google+? Find us on Google+ for the latest security news.

On LinkedIn? Join the Naked Security discussion group and connect with your peers in the security industry.

Sorry, something happened and we couldn't sign you up. Please come back later and try again.

Congratulations, you've successfully signed up for our daily news! Check your inbox soon, we've sent you an email.

Sorry, we won't accept that email address. Please try a different address.

We're adding your address to our list...

Join thousands of others, and sign up for Naked Security's newsletter

by SophosLabs on October 22, 2009 | Leave a comment

Filed Under: Malware, SophosLabs

Last night, Roger's Information Security Blog detailing the hacking of the legendary singer Van Morrison's website.

From the description of the hack I would have expected Sophos to have been detecting the site as Mal/Iframe-F. Naturally, I visited the site, in a secure manner, to see what I could see. Unfortunately, I didn't see an Iframe as described.

What I did see was a heavily obfuscated script injected into the page that references an iframe. A quick analysis of the obfuscated script revealed that it adds an iframe to the page to load content from a remote site (blacklisted for Sophos customers since Oct 7th). The WHOIS record that remote site strangely says:
Address : 56/2 Sun str. City : Dallas Province/State : beijing

This morning I wrote detection for the obfuscated script, as Troj/Iframe-DD.

After further digging on our systems we have seen multiple infections on this site:

Mal/Badsrc-A first seen 2009-10-15
Mal/iframe-F first seen 2009-08-05

How long has the site been infected? and how many infections will it have before the sites security is updated?

Share

Email
Tweet
Buffer
Hacker News
App.Net
Pocket

Tags: Malware, Van Morrison, web

Is Windows 7 safe? Sophos is ready, are you?

Malicious update for Microsoft Outlook / Outlook Express (KB910721)

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Name *

Email *

Website

Username *

Comment

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

Popular
Recent
Related

sc-250

Snapchat images that have "disappeared forever" stay right on your phone...

AusSHIRT 2013 - the #sophospuzzle instructions in full

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

Want to see who has viewed your Facebook profile? Take care..

dloadnow-250

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

Apple iMessage "censors" mention of Obama: international conspiracy...or software bug?

Revenge-porn website victim files suit against ex and four porn sites

Revenge-porn website victim files suit against ex and four porn sites

Rihanna sex video event scam spreads on Facebook

Rihanna sex video event scam spreads on Facebook

wifimyths-250

Three wireless security myths - busted! [VIDEO]

sscc109-250

SSCC 109 - Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

AusSHIRT 2013 - the #sophospuzzle instructions in full

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

dloadnow-250

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

Congress asks Google if and how it's protecting privacy with Glass

Congress asks Google if and how it's protecting privacy with Glass

Monday review

Monday review - the hot 24 stories of the week

Get ready for the next #sophospuzzle - coming soon to a T-shirt near you

Intruder compromises user database for Star Trek Online

Intruder compromises user database for Star Trek Online and other MMORPGs

asian-dragon-thumb

Night Dragon attacks: myth or reality?

Detection-scan for phpnuke

Malicious Iframe infects PHP-Nuke site....again!

PPI SMS text spammers fined £440,000 by UK Information Commissioner

PPI SMS text spammers fined £440,000 by UK Information Commissioner

Image (3) soucecode.jpg for post 19749

Learning Wales gets you infected

Image (3) lao.png for post 21389

A week in Computer Security is a - very - long time

code law firm

Italian law firm knowingly serves up infected web pages

Somerset County Council website victim of Blackhat SEO and malware injection

Somerset County Council website victim of Blackhat SEO and malware injection

Image (1) index.jpg for post 20041

Communist Party Of Britain's website infected with malware (again)

Video posts

More videos this way

wifimyths-250

Three wireless security myths - busted! [VIDEO]

Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]

You won't believe how crazy this password infomercial is (and neither did Ellen DeGeneres) [VIDEO]

When is a password not a password? When Excel sees VelvetSweatshop

When is a password not a password? When Excel sees "VelvetSweatshop" [VIDEO]

Sophos CEO suffers from a watery end for Comic Relief

Sophos CEO suffers from a watery end for #ComicRelief

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

About Naked Security
About Sophos
Our Authors
Awards
Got a story for us?

Tags

Adobe Android anonymous Apple Cybercrime data loss DDoS Exploit Facebook Fake anti-virus General Google hacking iPhone IT Malware Microsoft password phishing Privacy Scam scareware Spam Survey Scam Twitter Video vulnerability web web 2.0 WWW

Categories

Adobe (339)
Adobe Flash (181)
Apple Safari (128)
BlackBerry (82)
Clickjacking (70)
Data loss (1850)
Denial of Service (317)
Firefox (168)
Google (603)
Hacked (136)
Java (255)
Linux (69)
Mobile (397)
Nude Celebrities (70)
Organisations (8)
OS X (202)
Phishing (347)
Podcast (300)
Ransomware (117)
Rogue applications (138)
Security threats (884)
Technologies (14)
Uncategorized (147)
Video (390)
Vulnerability (1078)

Archives by month

May 2013 (65)
April 2013 (94)
March 2013 (103)
February 2013 (96)
January 2013 (109)
December 2012 (52)
November 2012 (103)
October 2012 (113)
September 2012 (91)
August 2012 (110)
July 2012 (92)
June 2012 (91)
May 2012 (99)
April 2012 (79)

Download some free tools

Free anti-virus for your MacFree antivirus that works simply and beautifully
Free Android protectionFree antivirus for all your Android devices
More free tools...

Take a look at our products

Endpoint
Encryption

Mobile
Network

Email
Web

Try out our free trials and demos

Investigate the threats

Virus and spyware analyses
Threat Center
Inside SophosLabs

© 1997-2013 Sophos Ltd. All rights reserved
Legal
Privacy
Cookies
Disclaimers

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.