Security Bytes

Mar 28 2008   9:26AM GMT

Researcher: IFrame redirect attacks escalate

Leigha Leigha Cardwell Profile: Leigha

It’s been a couple of weeks since security researcher Dancho Danchev raised the red flag about IFrame redirects attackers have been using to corrupt hundreds of thousands of websites, and how the likely culprit is the infamous hacking group known as the Russian Business Network (RBN).

Overnight, Danchev emailed me with an update, and it doesn’t look good. Based on his ongoing investigation, the attacks seem to be continuing unabated.

The latest high-profile sites getting targeted includes usatoday.com, abcnews.com, news.com, target.com, packardbell.com, Walmart.com, Rediff.com, Miamiherald.com, Bloomingdales.com, Patentstorm.us, Webshots.com, Sears.com, Forbes.com, Ugo.com, Bartleby.com, Linkedwords.com, Circuitcity.com, Allwords.com, Blogdigger.com, Epinions.com, Buyersindex.com, Jcpenney.com, Nakido.com, Uvm.edu, hobbes.nmsu.edu, jurist.law.pitt.edu, boisestate.edu.

This on top of those he listed two weeks ago:

NCSU Libraries – lib.ncsu.edu – 372,000 pages
FullDownloads.us – fulldownloads.us – 13,000 pages
Central Statistics Office Ireland – cso.ie – 10,300 pages
DBLife Frontpage – dblife.cs.wisc.edu – 1,130 pages
School of Mathematics and Statistics – www-history.mcs.st-andrews.ac.uk – 1040 pages
eHawaii Portal – ehawaii.gov – 992 pages
The World Clock – timeanddate.com – 944 pages
Boise State University – boisestate.edu – 471 pages
The U.S. Administration on Aging (AoA) – aoa.gov – 425 pages
Gustavus Adolphus College – gustavus.edu – 312 pages
Internet Archive – archive.org – 261 pages
Stanford Business School Alumni Association – gsbapps.stanford.edu – 157 pages
BushTorrent - bushtorrent.com – 147 pages
ChildCareExchange – ccie.com – 131 pages
The University of Vermont – uvm.edu – 120 pages
Hippodrome State Theatre – Gainesville, FL – thehipp.org – 112 pages
Minnesota State University Mankato – mnsu.edu – 94 pages
The California Majority Report – camajorityreport.com – 16 pages
Medicare.gov – medicare.gov – 12 pages
USAMRIID – usamriid.army.mil – 3 pages

“After another week of monitoring the campaign and the type of latest malware and sites targeted, the campaign is still up and running, poisoning what looks like over a million search queries with loadable IFrames, whose loading state entirely relies on the site’s Web application security practices – or the lack of,” Danchev wrote in his blog. “

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: