    TrendLabs received reports of a massive attack against legitimate e-commerce Web sites, particularly in the U.K., with one or two references to Dubai, UAE. These Web sites are injected with the following malicious JavaScript code, which takes advantage of several vulnerabilities to infiltrate an unsuspecting user’s system:

    <script language='JavaScript' type='text/javascript' src='{random name}.js'></script>

    The random file name of the injected JavaScript makes it difficult to search for other compromised pages. In addition, the JavaScript is hosted on the compromised domain itself.

    This routine is unlike other compromises, where Web sites are usually injected with either a malicious iframe link or a reference to JavaScript hosted in _other_ domains, usually created and registered solely to host the malicious code or payload for these types of threats. For example:

    <script language='JavaScript' type='text/javascript' src='http://otherdomain/maliciousscript.js'></script>


    <iframe src=http://otherdomain/maliciouspage.html width=0 height=0></iframe>

    However, this is not the case here. Security researchers are still baffled by this event.

    The following are some of the known vulnerabilities that this JavaScript exploits:

    Users infected with this malicious JavaScript ultimately download a malicious .MOV file and Trojan programs onto their computers. Trend Micro detects the malicious JavaScript as JS_IESLICE.AQ and the malicious .MOV file as a variant of XML_HACK. The downloaded Trojan programs are detected as TROJ_DROPPER.NH and TROJ_AGENT.HJS.
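Because the injected script has a random name and sits on the compromised site itself, a file-name or foreign-domain signature will not find it; a site owner can instead compare every script reference on a page against the list of scripts the site is supposed to serve. The following is an added example, not code from TrendLabs: the host names, the `KNOWN` inventory, the sample page and the finding labels are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _TagAudit(HTMLParser):
    """Classifies <script src> and <iframe> tags against a deploy inventory."""
    def __init__(self, page_url, known_scripts):
        super().__init__()
        self.page_url = page_url
        self.host = urlparse(page_url).netloc.lower()
        self.known = known_scripts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            # Resolve relative references the way a browser would.
            url = urlparse(urljoin(self.page_url, a["src"].strip()))
            if url.netloc.lower() != self.host:
                self.findings.append(("external-script", url.geturl()))
            elif url.path not in self.known:
                # Same-host script missing from the inventory: the name is
                # unpredictable, so absence from the allowlist is the signal.
                self.findings.append(("unlisted-local-script", url.path))
        elif tag == "iframe":
            if a.get("width", "").strip() == "0" or a.get("height", "").strip() == "0":
                self.findings.append(("hidden-iframe", a.get("src", "")))

def audit_page(html, page_url, known_scripts):
    """Return (kind, value) findings for one page, in document order."""
    parser = _TagAudit(page_url, set(known_scripts))
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed inventory and page; "qzxvkw.js" stands in for {random name}.js.
KNOWN = {"/js/cart.js", "/js/site.js"}
SAMPLE = """<html><head>
<script type='text/javascript' src='/js/site.js'></script>
<script language='JavaScript' type='text/javascript' src='qzxvkw.js'></script>
</head><body>
<script src="http://otherdomain.example/maliciousscript.js"></script>
<iframe src=http://otherdomain.example/maliciouspage.html width=0 height=0></iframe>
</body></html>"""

if __name__ == "__main__":
    for kind, value in audit_page(SAMPLE, "http://shop.example/checkout/index.html", KNOWN):
        print(kind, value)
```

The inventory should come from the deployment process rather than from the live web root, since a file listing taken after the compromise would include the injected script.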

    As we know, the motivation behind cyberattacks nowadays is always driven by money. This is just the first in a long series of e-commerce-related invasions that will occur in 2008 if companies and users don’t take extra measures to secure their online businesses. Keep your software updated and be extra vigilant in doing business online… It’s still not too late to add another resolution for ’08.

    Trend Micro Research Project Manager Ivan Macalintal says that this compromise is still under investigation. He adds: “Updates will be posted as soon as new information arrives so you better stay tuned!”

    Many thanks to Mary Landesman of ScanSafe for providing the initial report on the topic.