TWiT.tv - malware infects Leo Laporte's website

Filed Under: Java, Malware, PDF

The website run by internet celebrity Leo Laporte, TWiT.tv, has been hit by a malware infection intended to infect visiting computers.

Hackers have managed to inject a line of malicious code, in the form of an iFrame, at the very top of the TWiT website pointing to a webpage with a .cz.cc domain name.

Although Sophos products intercepted the compromised TWiT.tv webpage as Mal/Iframe-V, and prevented users from having their computers compromised by the attack, users of other vendors' products may not be so lucky.

TWiT infected webpage

The .cz.cc webpage attempts to run a file called worms.jar which Sophos detects as Troj/Java-AL.

The Java Trojan is normally associated with fake anti-virus attacks, and may also trigger a PDF-based vulnerability attack detected by Sophos as Troj/PDFJs-ST.

Surfing the web without malware protection is pretty dangerous these days - it's like sky-diving with nothing more than a picnic hamper strapped onto your back. We see tens of thousands of legitimate webpages which are hosting malware every day.

The TWiT network is famous for scores of popular internet podcasts and streaming video shows, including "This Week in Tech" (which gave the network its name) and "Security Now" co-hosted by Steve Gibson.

As you can see below, Google Chrome is also warning of the infection:

Warning via Google Chrome

Of course, Leo Laporte is far from the first social media celebrity to suffer at the hands of hackers. For instance, a couple of years ago, Robert Scoble, himself a regular on TWiT.tv broadcasts, found that hackers had managed to breach his website after he failed to upgrade his version of WordPress.

If you run a website make sure you are doing everything to keep it as secure as possible - for both your company's sake, and that of your users. If you haven't already done so, read this informative paper by SophosLabs, "Securing websites", which covers some of the issues.
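For site owners, a check for the kind of injection described above (an iFrame at the very top of the page pointing at an unfamiliar domain) can be run over the HTML a site actually serves. The following is an added example, not code from Sophos or TWiT: the allowlisted hosts, the sample page and the `injected.invalid` host are constructed, and the hidden-frame test is a common extra heuristic rather than something the article reports.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site legitimately frames (assumed values for the example).
ALLOWED_HOSTS = {"example-site.test", "player.example-cdn.test"}

# Constructed sample page: one injected frame ahead of the doctype, two legitimate ones.
SAMPLE = """<iframe src="http://injected.invalid/in.php" width="1" height="1"></iframe>
<!DOCTYPE html>
<html><head><title>Shows</title></head>
<body>
<iframe src="https://player.example-cdn.test/embed/42" width="640" height="360"></iframe>
<iframe src="/local/widget.html"></iframe>
</body></html>
"""

def is_hidden(attrs):
    """True for frames sized 0/1 px or hidden through inline CSS."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = any(attrs.get(k, "").strip() in {"0", "1"} for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style

class IframeAuditor(HTMLParser):
    """Records every <iframe> that is off-site, hidden, or placed before <html>."""
    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.seen_html_tag = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html_tag = True
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative src values have no hostname and count as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if host and host not in self.allowed:
            reasons.append("off-site host")
        if not self.seen_html_tag:
            reasons.append("before <html>")
        if is_hidden(a):
            reasons.append("hidden")
        if reasons:
            self.findings.append({"line": self.getpos()[0], "host": host, "reasons": reasons})

def audit(html, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of suspicious iframes found in one HTML document."""
    parser = IframeAuditor(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit()` against pages fetched from the live site, rather than against the files in source control, also catches injections made directly on the web server.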


22 Responses to TWiT.tv - malware infects Leo Laporte's website

  1. CaMiX · 1112 days ago

    Too bad that this happened to Leo's network. Overall he's got some really great shows NOT including Security Now. I'm sorry but Steve Gibson is no Security Expert and he's just a has-been that's grasping onto his notoriety gained by associating himself with Leo during his SpinRite/TechTV days. I wish Leo would get rid of that show or put someone else on there that actually knows what he's talking about.

    • michael · 1112 days ago

      funny you should say that. to my eyes, steve gibson makes leo look like a novice.

    • DeliriousGuy · 1112 days ago

      I think you're entirely wrong CaMiX. Steve Gibson may be an old-school programmer and may not be the most dynamic speaker, but he knows what he's talking about and does a good job explaining it to listeners. I'm not sure what a 'Security Expert' is to you and I'm not sure that Steve would consider himself a "Security Expert". Steve found the first spyware and has done a lot to keep our computers protected on the Internet, so he's enough of a "Security Expert" for those of us trying to learn about security and keep ourselves and our networks protected.

    • chris · 1112 days ago

      that statement of yours is not worthy even to laugh on it! look at your rating, clown, 5 votes all negative. got the picture?

    • Jamie · 1112 days ago

      Steve Gibson seems like a great guy to me, he seems to be very knowledgeable in security.

    • Insidious · 1111 days ago

      That statement is absurd on many levels. While perhaps it is your 'opinion' any outside-observable measures of his success within the domain of computer security is clear. Not only does he consult for some major companies, has worked with the FBI and other govt. agencies in the past...most of these things he never mentions except as passing reference (probably because NDAs etc.) from time to time. His analysis of the Stuxnet 'problem' was well done and he, as another person who commented said, does a great job of explaining some very complicated material without dumbing it down to the point of being insulting.

    • Chuck · 931 days ago

      I agree and disagree. Steve's credentials are solid and the show does provide relevant security news in detail. I admire the fact that Steve reads feedback and covers errata and omissions the following week when they happen. The show has been straying a lot into science fiction and coffee lately forcing those of us interested in security issues to wait. Leo occasionally starts singing which tends to make the wait unbearable. Other than that the show is great. I think there is room for two security shows on TWIT. I don't want to see another host brought in to Security Now like TWIT did on Windows Weekly.

  2. mark · 1112 days ago

    looks like the iFrame stuff has been removed from TWiT.tv's index.html file :) BUT you still get a warning from Firefox...

  3. ASP · 1112 days ago

    via @TWiT: We had some Malware issues on twit.tv this morning. It has been cleared and we are waiting for Google to clear the warning. twit.tv is safe.
    https://twitter.com/#!/TWiT/status/11438686561174...

  4. Chris · 1112 days ago

    this is a good reminder, no one is 100% unbreakable and 100% unhackable, so take security seriously

  5. i think you should have left in the full cz cc address. full disclosure and all that, old bean.

    what what?

    InfosecChap

  6. Do we know what the malware does and which browser is targeted?

  7. wow · 1112 days ago

    slow news day today guys?

  8. Chet · 1112 days ago

    Security Now is one of my favorite shows. CaMix is clearly a security moron...

  9. james · 1112 days ago

    Just another example of how clueless Leo Laporte is.

  10. LeeNukes · 1112 days ago

    I think you mean surfing the web on a Mac or Windows computer is very dangerous. I noticed this issue, but being on Linux I was willing to take the risk. Sure, it's a Java virus which could potentially run, but I doubt it will function correctly.

  11. Drew · 1109 days ago

    You have to be running an older version of Java to be infected anyways.. =p

  12. Ron · 932 days ago

    looks like the TWIT.TV infection is back March 13, 2012

  13. Mark Grennan · 932 days ago

    They're Back!!!

  14. meh · 932 days ago

    Isn't this 2nd time since they launched their site?


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.