Previous entries
Next entries

March 14th, 2008

Security Firm Trend Micro a Victim of Latest iFrame Attacks

computervirus.jpgBy Michael Santo
Editor-in-Chief, RealTechNews

Nothing is so humorous as when the web site of a security vendor gets hacked. OK, OK, it was hilarious when the RIAA site was hacked, too. And I’ll admit: it’s probably not as funny if it’s your security vendor.

Earlier this week a massive attack on websites via iFrame was launched. According to McAfee’s Avert Labs site:

This attack involves injection of script into valid web page to include a reference to a malicious .JS file (sometimes in the BODY, other times in the TITLE section). The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several vulnerabilities.

These vulnerabilities have already been patched, but some, as listed on McAfee’s site, appear to involve obscure ActiveX controls that site owners may not have known to patch. That wouldn’t explain Trend Micro’s problems, though.

Users are redirected by the hacked page to another site, which will try to install malware. Of course, a savvy user would cancel such an install. Someone more trusting might accept it. If they’re lucky, their antivirus program will catch it. If not …

Trend Micro confirmed that the web site had been hacked early in the week with these types of pages, but the pages were taken down and scrubbed clean on Tuesday night.

We Say: While this is of course, humorous, it’s more so because Trend Micro is one of the larger security vendors. You’ll recall that earlier in the year a small Indian firm was serving up a virus.

Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • digg
  • Fark
  • NewsVine
  • Reddit
  • YahooMyWeb
You can leave a comment, or trackback from your own site. RSS 2.0

2 comments to "Security Firm Trend Micro a Victim of Latest iFrame Attacks"

  1. John Corliss says:

    I personally find absolutely NOTHING “humorous” about this kind of thing. As time goes by, the bad guys are making the internet more and more of a hostile place for everybody and that’s not funny at all. Trend Micro’s Housecall website has helped me several times when cleaning friends’ and relatives’ computers. I’m not exactly what you’d call a novice either. Somebody doing something that would damage TM’s reputation is NOT funny. That you find such a thing to be humorous is puerile in the extreme. It also makes one wonder whose side YOU are on.

    March 15th, 2008 at 1:23 am

  2. John says:

    Just to straighten the facts, the content may have been compromised but the supposed redirection hack didn’t work. It was broken since it was encoded: http://blog.scansafe.com/

    On the otherhand, I’d have to agree with John Corliss.

    March 15th, 2008 at 10:52 pm

Leave a comment