Curious George's latest mischief: malware

PBS.org Web site compromised with attack-code, researchers say

The Public Broadcasting Service’s Web site has been infected at a section related to the Curious George children’s TV show and when the fake authentication page doesn’t work for the user, tries to drop malware on them, researchers said Thursday.

When the log-in page fails, the end user is served an error page with malicious JavaScript that drags the user to a malicious domain where an attempt to exploit vulnerabilities on the user’s desktop applications is made, says Paul Royal, principal researcher at security firm Purewire.

The attacks includes attempts against known vulnerabilities in Acrobat Reader, an AOL ActiveX control, Apple QuickTime and others. There are patches to correct these application vulnerabilities but if the user hasn’t applied the patches, the exploit observed by Purewire at the PBS.org Web site could be successful in installing malicious code on the victim’s desktop computer.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The Public Broadcasting Service’s Web site has been infected at a section related to the Curious George children’s TV show and when the fake authentication page doesn’t work for the user, tries to drop malware on them, researchers said Thursday.

When the log-in page fails, the end user is served an error page with malicious JavaScript that drags the user to a malicious domain where an attempt to exploit vulnerabilities on the user’s desktop applications is made, says Paul Royal, principal researcher at security firm Purewire.

The attacks includes attempts against known vulnerabilities in Acrobat Reader, an AOL ActiveX control, Apple QuickTime and others. There are patches to correct these application vulnerabilities but if the user hasn’t applied the patches, the exploit observed by Purewire at the PBS.org Web site could be successful in installing malicious code on the victim’s desktop computer.

Slideshow: 20 useful IT security Web sites 

The malicious domain -- qxfcuc.info -- was registered through registrar eNom, Royal says. The registrant’s identity is not public, perhaps because the registrant paid a $10 a year fee that is typically charged to keep identity private, he adds.

Purewire researcher Nidhi Shah indicated that the security firm first observed the PBS.org Web site malware infection on Monday because the Purewire service used by a customer picked it up. Purewire sought to notify PBS about the matter via e-mail but has so far not received a response.

Web sites are increasingly being compromised by malware, as the Websense Security Labs “State of Internet Security Report Q1 – Q2 2009,” published Wednesday, points out. The report says the growth in the number of malicious Web sites has more than tripled in the period and 77% of the Web sites with malicious code are legitimate, trusted sites that have been compromised.

Read more about security in Network World's Security section.