The English-language version of the newspaper contains 434 malicious scripts, binaries, cookies, and images, according to a ScanSafe report.
By Thomas Claburn
InformationWeek
November 9, 2007 05:40 PM
Visitors to IndiaTimes.com, a major English-language Indian news site, risk infecting their computers with a deluge of malware, according to Mary Landesman, senior security researcher at ScanSafe.
"It's an entire cocktail of downloader Trojans and dropper Trojans," Landesman said Friday, putting the number of malicious files involved at 434. This includes scripts, binaries, cookies, and images.
Landesman characterized the size of the malicious payload as unusually large. She also noted that the attack involved a large number of Web sites. Analyzing just two of the binaries, she said that ScanSafe had identified at least 18 different IP addresses involved in the attack.
"Only certain pages of the IndiaTimes.com are infected," ScanSafe said in its Nov. 9 Threat Alert. "The impacted pages contain a script which points to a remote site containing iframes pointing to two additional sites. One of the sites included cookie scripts and an iframe pointing to a non-active site. The other iframe pointed to an encrypted script which exploits multiple vulnerabilities in an attempt to download malicious software onto susceptible systems of users visiting indiatimes.com."
"It appears that the Metasploit Framework was the framework used to facilitate these attacks," Landesman said. The Metasploit Framework is a security testing tool that can also be used maliciously.
http://www.informationweek.com/news/showArticle.jhtml?articleID=202804433