ZDNet Asia under iFRAME hack attack?

Alex Zaharov-Reutt
Wednesday, 05 March 2008 15:46

Your IT - Home IT

We asked Wing Fei Chia, security bigwig at F-Secure, some additional questions surrounding the claim of ZDNet Asia’s search engine being hacked by iFRAME links. Chia answered iTWire’s questions via email.

Here are the questions, and Chia’s answers.

Q. When did you notice the problem first occurring?

A. “It was reported yesterday night but I only had a look at the case this morning. But the number of cached pages loading iFrame returned has almost doubled since then”.

Q. Can it potentially affect other ZDNet websites or perhaps CNET websites since they are owned and operated by the same company?

A. “The search engine was abused because ZDNet Asia's Search Engine Optimization
(SEO) actually practices locally caching of search queries. Therefore, if the other ZDNet and CNET Websites were using the same practices, they can be affected too”.

Q. Whose search engine was used?

A. “The search engine referred in the blog is ZDNet Asia's search engine and the SEO used by ZDNet Asia is Omniture Site Catalyst”.

Q. How widely spread in the problem and how easy is it to fix it?

A. “I am not quite sure how widely spread this problem but it can be easily removed by getting like Google to remove them from their index”.

Q. Would your [F-Secure’s] standard security software protect you from this attack?

A. "Yes, it does. We not only protect users from malicious iFrames, we also detect the variant of Zlob Trojan in this particular case which is Trojan-Downloader:W32/Zlob.HOG".

Note: we clarified with Chia in a phone call that other brands of ‘Internet security software’ should also protect users against the iFRAME attack, although this will obviously depend on whether or not the security software in question has been regularly updated.

Q. How vulnerable are other websites for this kind of attack?

A. "This particular attack what we call a malware embedded attack which is not uncommon these days and mostly targeting legitimate sites".

Q. Anything else that you'd like to add to your blog post?

A. "Not at the moment".

As Chia has noted, ZDNet Asia’s actual website isn’t under attack, but their search engine appears to be affected.

No doubt ZDNet Asia will quickly fix this problem, but it’s a good reminder to us all to check our websites and our servers, applying whatever patches, fixes and cleanups are necessary to remove these rather silent threats, which many legitimate companies, as Chia mentions, could easily be the victims of.