    9:52 am (UTC-7)   |    by

    On Sunday, an Italian blog reported several compromised sites. After some investigation, we found that all the reported sites have one thing in common: they were created using Plone, an open source content management system.

    Upon further research, we found that a blackhat Search Engine Optimization (SEO) technique called “Doorway Pages” was used, not only to promote some adult pages, but also to redirect users, via redirectors, to pages that download malware or fake anti-malware programs. The two main redirectors used in this attack are hxxp:// and hxxp://. An example is an Italian hotel Web site that was developed using Plone. Below their home page, you’d see something like this:

    Inside this hotel Web site is the page http://www.{BLOCKED}, which uses the URL as a redirector. You can find actual evidence by searching Google for “inurl:portal_memberdata sex” and replacing “sex” with any other related word (such as lesbian, gay, etc.).

    In November 2007, the Australian Computer Emergency Response Team (AusCERT) discovered a vulnerability in Plone. In my opinion, somebody has discovered this vulnerability and is exploiting it to use as a redirector to malicious Web sites.
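
A defender-side check for the doorway pages described above, as an added example that is not from the original post: it scans web server access logs for requests under portal_memberdata that arrived from a search result. The combined log format, the search-engine host list, the redirect-status heuristic and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
MARKER = "portal_memberdata"                    # path component named in the post
SEARCH_HOSTS = ("google.", "bing.", "yahoo.")   # assumed list, extend as needed
REDIRECTS = {"301", "302", "303", "307"}        # assumed: HTTP-level redirects

def is_search_referer(referer):
    """True when the Referer host looks like a search engine."""
    host = (urlsplit(referer).hostname or "").lower()
    return any(host.startswith(s) or "." + s in host for s in SEARCH_HOSTS)

def find_doorway_hits(lines):
    """Count hits, search-engine arrivals and redirects per marker path."""
    report = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = urlsplit(m["path"]).path
        if MARKER not in path.lower():
            continue
        entry = report.setdefault(path, {"hits": 0, "search_hits": 0, "redirects": 0})
        entry["hits"] += 1
        entry["search_hits"] += is_search_referer(m["referer"])
        entry["redirects"] += m["status"] in REDIRECTS
    return report

def suspicious_paths(report):
    """Marker paths that visitors reached from a search result."""
    return sorted(p for p, e in report.items() if e["search_hits"])

# Constructed sample log lines (documentation IP ranges, made-up page names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /portal_memberdata/constructed-page HTTP/1.1" 302 0 "http://www.google.it/search?q=constructed" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /portal_memberdata/constructed-page HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2008:10:01:00 +0000] "GET /rooms/index_html HTTP/1.1" 200 5120 "http://www.google.it/search?q=hotel" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jan/2008:10:02:00 +0000] "GET /portal_memberdata/internal-page HTTP/1.1" 200 2048 "http://hotel.example/staff" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path in suspicious_paths(find_doorway_hits(SAMPLE_LOG)):
        print("review:", path)
```

Paths it reports are candidates for manual review in the Plone management interface, not confirmed compromises.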



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice