Les vulnérabilités du VPN vous préoccupent ? Découvrez comment profiter de notre solution de migration VPN qui inclut 60 jours de service gratuit.

Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Recherche sur la sécurité

India’s DNA E-newspaper Website Infected With Fake Antivirus Campaign

image
THREATLABZ
mai 15, 2011 - 2 Min de lecture
DNA (Daily News and Analysis) is an Indian daily English language newspaper. According to Wikipedia, DNA ranks 8th among the top ten English dailies in India. Recently, the Zscaler solution was blocking access to this site, as it contained malicious content. Here is the homepage of this website:
ImageThe ‘Today’s E-newspaper’ link (circled above) is an online version of the printed periodical. We discovered that one of the pages from this e-newspaper site was infected with malicious script. Here is the screenshot of that page:
ImageThe malicious script tag had been inserted in plain text as can be seen in this screenshot of page
source:
 
Image The malicious script tag directs the victim’s browser to ‘hxxp://vcvsta.com/ur.php’. This page then redirects the user to another malicious site (‘hxxp://www4.to-gysave.byinter.net,), which will again redirect victim to random sites hosting fake antivirus campaigns. Here is the screenshot displaying a fake malware alert:
Image
Image
As usual, page employs social engineering tactics, which display fake warning messages and threat names to scare the victim into downloading a fake AV product. The VirusTotal result for the downloaded binary currently shows only 10/43 AV engines detecting this particular attack. Here we have yet another example of a legitimate and popular websites being infected so that the attacker(s) can impact a significant number of victims.

Umesh
form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

dots pattern

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.