ZDNet Asia under iFRAME hack attack?
by Alex Zaharov-Reutt   
Wednesday, 05 March 2008
F-Secure’s Security Response Team Manager, Wing Fei Chia, has posted an entry at F-Secure’s blog claiming that ZDNet Asia has a problem with their search engine and could be sending users to sites laden with malware and worse. 

It looks like Australian technology news website ‘SmartHouse’ isn’t the only website suffering a mysterious hack attack, although unlike SmartHouse, no-one is accusing ZDNet Asia of plagiarism. The only thing ZDNet Asia is being accused of is questionable security.

UPDATE: I've been contacted by Dancho Danchev, who writes an IT security blog called Mind Streams of Information Security Knowledge.

Danchev's bio describes him thus: "Independent Security Consultancy, Threat Intell Analyses and Competitive Intelligence research on Demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day".

It appears that F-Secure's Wing Fei Chia learnt of the ZDNet Asia iFrame Hack Attack from a post that Danchev wrote explaining his discoveries, which Danchev then posted to the Full Disclosure site.

Chia's blog entry is similar to Danchev's, although Danchev's is much more detailed, and after I asked Chia for an explanation as to why I was being contacted by Danchev, who I hadn't heard of before, Chia's blog post was updated to provide proper attribution to Danchev as the originator of the research. 

Danchev has written a new blog post called 'Unprofessionally Piggybacking on my Research' where he rightly laments what has happened: security companies not properly attributing research and blog postings to the correct sources, in this case, Dancho Danchev.  

The rest of the original story follows:

Wing Fei Chia, security expert from F-Secure, has posted a blog entry titled ‘ZDNet Asia Compromised?’

Chia explains that: “ZDNet Asia is one of my bookmarked online resources that I frequently visit. The site is NOT compromised per se; rather, their site's search engine was abused by an attacker with queries of popular keywords”.

Continuing, Chia says that: “Leveraging on the fact that the site is legitimate and has high page ranks, the popular search engines are returning some of these iFRAME-ed results in the first few pages of the search results. And the objective? To get the unsuspicious user to click on the link”.

At this point, Chia’s blog posting shows a screenshot of a Google search outlining affected ZDNet Asia search results.

Chia then said that: “The last time we checked, 20,600 cached pages loading the iFRAME were found. Upon clicking on the malicious link, you get redirected to some Russian Business Network’s IPs and RBN is notoriously known for hosting not only malware but also rogue anti-virus and anti-spyware applications. At the end of the redirects, the unsuspicious user might be a victim of Zlob Trojan. We [F-Secure] detect it as Trojan-Downloader:W32/Zlob.HOG”.

Now Wing Fei Chia is no security slouch – he’s been working in the IT Security field since 2003, according to his mini-bio.

He’s currently the Security Response Team Manager at the F-Secure Security Labs, having joined F-Secure in 2007. He is a member of ISACA (Information Systems Audit & Control Association) and has held a CISSP (Certified Information Systems Security Professional) certification from (ISC)² since 2006. Prior to joining F-Secure, Chia spent time with the Global IT Security operations in British American Tobacco.

Now it would seem that all ZDNet Asia has to do is to ask their webmaster to clean up the backend of the site and get rid of the dreaded iFRAME links, and hopefully Chia’s article will encourage them to do just that.

But we decided to ask Chia some additional questions, the answers to which you’ll find on page 2. Please read on.