Italian-language page at MSN redirects to Cool Exploit Kit, serves ransomware

Summary: Last week, security researchers from AVG's Web Threat Research Group detected a malicious JavaScript on an Italian-language page at MSN that was dropping ransomware on the affected hosts. How trusted are high profile "trusted" Web sites?

Last week, security researchers from AVG's Web Threat Research group detected a malicious JavaScript on an Italian-language page at MSN, which was at the time redirecting to the Cool Exploit Kit, ultimately dropping ransomware on the affected hosts.

The high profile Web site infection, in terms of the huge traffic volume that was logically hijacked during the campaign, raises an important question--can you really trust those "Trusted Web Sites" that average and corporate users often think are secure by default? The truth is that you can't afford to "wait and see," and need to always assume the worst, for the sake of your data/host/network's CIA (Confidentiality, Integrity, Availability).

Throughout the years, cybercriminals have learned that it's easier and more efficient to inject malicious scripts on hundreds of thousands of Web pages, instead of targeting a few high profile Web sites. It's not that they don't want to. It's just more efficient and easy to utilize the "Long Tail" concept. Naturally, that entirely depends on the attackers in question.

For instance, this isn't the first time that pages within MSN's domain have served malware to visitors. Back in 2008, MSN Norway fell victim to a malvertising campaign, followed by a series of direct/indirect compromises of high-traffic Web sites throughout the entirety of 2009, affecting FoxNews.com, Cleveland.com, the New York Times, as well as many other high profile Web sites such as CNN, BBC, Washington Post, GameSpot, World Of Warcraft, Mashable, Chow.com, ITpro.co.uk, AndroidCommunity, Engadget, and Chip.de, proving that no one is safe. And although the media's attention is constantly focused on the emergence of targeted attacks and cyber espionage campaigns, noisy mass SQL injection campaigns and traffic acquisition tactics relying on malvertising are definitely not a thing of the past.

AVG has notified Microsoft, and the malicious JavaScript has been removed.

Do you think the time has come for the industry to admit that there's no such thing as a trusted Web site, and that users should always assume the worst by default? Do you maintain a list of trusted Web sites, and what makes you think they're trusted enough to be allowed to run active content?

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

1 comment
  • Great information

    Dancho, once again you bring vital information to the masses.

    As we clean infected websites we frequently find that people have little regard for anti-malware protection on their computers - PCs or Macs. We hear, "I just avoid the bad sites." Your information is a clear sign that people cannot just avoid the "bad" sites. With today's cybercriminals you never know what is a good, trusted site and what is a "bad" site. What's good today, could be infected in the next 10 minutes.

    Again, great information.
    WeWatch