The website run by internet celebrity Leo Laporte, TWiT.tv, has been hit by a malware infection intended to infect visiting computers.
Hackers have managed to inject a line of malicious code, in the form of an iFrame, at the very top of the TWiT website pointing to a webpage with a .cz.cc domain name.
Although Sophos products intercepted the compromised TWiT.tv webpage as Mal/Iframe-V, and prevented users from having their computers compromised by the attack, users of other vendors’ products may not be so lucky.
The .cz.cc webpage attempts to run a file called worms.jar which Sophos detects as Troj/Java-AL.
The Java Trojan is normally associated with fake anti-virus attacks, and may also trigger a PDF-based vulnerability attack detected by Sophos as Troj/PDFJs-ST.
Surfing the web without malware protection is pretty dangerous these days – it’s like sky-diving with nothing more than a picnic hamper strapped onto your back. We see tens of thousands of legitimate webpages which are hosting malware every day.
The TWiT network is famous for scores of popular internet podcasts and streaming video shows, including “This Week in Tech” (which gave the network its name) and “Security Now” co-hosted by Steve Gibson.
Google Chrome is also warning of the infection.
Of course, Leo Laporte is far from the first social media celebrity to suffer at the hands of hackers. For instance, a couple of years ago, Robert Scoble, himself a regular on TWiT.tv broadcasts, found that hackers had managed to breach his website after he failed to upgrade his version of WordPress.
If you run a website, make sure you are doing everything to keep it as secure as possible – for both your company’s sake, and that of your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.
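For site owners, one way to check a served page for the kind of injection described above (an iframe placed at the very top of the page and pointing at a third-party host). This is an added example, not Sophos or TWiT code; the allowlist, the sample pages and the placeholder host injected-host.example are constructed, and the hidden-or-tiny heuristic is an assumption about how such iframes are often styled, not a detail from this report.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately frames; adjust per site.
ALLOWED_FRAME_HOSTS = {"twit.tv", "www.twit.tv"}

# Constructed sample pages; injected-host.example is a placeholder host.
INFECTED = (
    '<iframe src="http://injected-host.example/index.php" width="1" height="1">'
    '</iframe>\n<!DOCTYPE html><html><head><title>Home</title></head>'
    '<body><iframe src="/player/embed"></iframe></body></html>'
)
CLEAN = ('<!DOCTYPE html><html><body>'
         '<iframe src="https://www.twit.tv/player"></iframe></body></html>')


class FrameAudit(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.seen_html = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html = True
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if host and host not in self.allowed:
            reasons.append("external host")
        if not self.seen_html:  # markup ahead of the document proper
            reasons.append("before <html>")
        style = a.get("style", "").replace(" ", "").lower()
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden or tiny")
        if reasons:
            self.findings.append((self.getpos()[0], host or "(relative)", reasons))


def audit(html, allowed_hosts=ALLOWED_FRAME_HOSTS):
    """Return (line, host, reasons) for each suspicious iframe in html."""
    parser = FrameAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run audit() against the HTML your server actually returns to visitors, not only the file on disk, since injected markup can be added at serving time.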
Too bad that this happened to Leo’s network. Overall he’s got some really great shows NOT including Security Now. I’m sorry but Steve Gibson is no Security Expert and he’s just a has-been that’s grasping onto his notoriety gained by associating himself with Leo during his SpinRite/TechTV days. I wish Leo would get rid of that show or put someone else on there that actually knows what he’s talking about.
funny you should say that. to my eyes, steve gibson makes leo look like a novice.
I think you’re entirely wrong CaMiX. Steve Gibson may be an old-school programmer and may not be the most dynamic speaker, but he knows what he’s talking about and does a good job explaining it to listeners. I’m not sure what a ‘Security Expert’ is to you and I’m not sure that Steve would consider himself a “Security Expert”. Steve found the first spyware and has done a lot to keep our computers protected on the Internet, so he’s enough of a “Security Expert” for those of us trying to learn about security and keep ourselves and our networks protected.
that statement of yours is not worthy even to laugh on it! look at your rating, clown, 5 votes all negative. got the picture?
Steve Gibson seems like a great guy to me, he seems to be very knowledgeable in security.
That statement is absurd on many levels. While perhaps it is your 'opinion' any outside-observable measures of his success within the domain of computer security are clear. Not only does he consult for some major companies, has worked with the FBI and other govt. agencies in the past…most of these things he never mentions except as a passing reference (probably because NDAs etc.) from time to time. His analysis of the Stuxnet 'problem' was well done and he, as another person who commented said, does a great job of explaining some very complicated material without dumbing it down to the point of being insulting.
I agree and disagree. Steve's credentials are solid and the show does provide relevant security news in detail. I admire the fact that Steve reads feedback and covers errata and omissions the following week when they happen. The show has been straying a lot into science fiction and coffee lately forcing those of us interested in security issues to wait. Leo occasionally starts singing which tends to make the wait unbearable. Other than that the show is great. I think there is room for two security shows on TWIT. I don't want to see another host brought in to Security Now like TWIT did on Windows Weekly.
looks like the iFrame stuff has been removed from TWiT.tv's index.html file 🙂 BUT you still get a warning from Firefox…
still looks infected to chrome as well
via @TWiT: We had some Malware issues on twit.tv this morning. It has been cleared and we are waiting for Google to clear the warning. twit.tv is safe.
https://twitter.com/#!/TWiT/status/11438686561174…
still showing as infected! I’m pissed…It’s 11:55am
this is a good reminder, no one is 100% unbreakable and 100% unhackable, so take security seriously
i think you should have left in the full cz cc address. full disclosure and all that, old bean.
what what?
InfosecChap
Do we know what the malware does and which browser is targeted?
slow news day today guys?
Security Now is one of my favorite shows. CaMix is clearly a security moron…
Just another example of how clueless Leo Laporte is.
I think you mean surfing the web on a Mac or Windows computer is very dangerous. I noticed this issue, but being on Linux I was willing to take the risk. Sure, it's a Java virus which could potentially run, but I doubt it will function correctly.
You have to be running an older version of Java to be infected anyways.. =p
looks like the TWIT.TV infection is back March 13, 2012
They're Back!!!
Isn't this the 2nd time since they launched their site?