Paul McCartney's official site serving malware

Written by Dancho Danchev, Contributor on

All you (don't) need is malware on Paul McCartney's official web site.

According to Mary Landesman at ScanSafe, the official web site of Paul McCartney (paulmccartney.com) has been compromised and is serving live exploits to its visitors. Landesman points out that the compromise might have occurred through stolen FTP account data, given that the campaign is also present on several different flat, HTML-only web sites.

The process of automatically injecting malicious code into hundreds of sites through compromised FTP accounts is nothing new, and it continues to be under development, with the most recent kit released earlier this year. What has changed, though, is the typical proposition: sellers are now offering bulk orders of FTP credentials data-mined from botnets to bargain hunters of such tools.

Here's a brief analysis of Paul McCartney's site compromise. The attack takes advantage of a newly distributed web malware exploitation kit that is already gaining popularity across the cybercrime ecosystem due to several new features, among them RSA encryption of the JavaScript. After several redirections (84.244 .138.55 /google-analytics/ga.js -> 84.244 .138.55 /ts/in.cgi?sliframe -> 84.244 .138.55 /ase/?t=17), the visitor is exposed to the typical set of already-patched client-side vulnerabilities, which vary based on the administrator's preferences.
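For site owners auditing flat HTML files after an FTP credential compromise, the first hop described above (a script named like Google Analytics but served from a bare IP address) is something a simple scan can surface. The following is an added example, not code from the original article or from ScanSafe; the trusted-host list, the look-alike markers and the sample page are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads analytics from.
TRUSTED_ANALYTICS_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com"}
# Assumption: path fragments an injected script uses to look like analytics.
LOOKALIKE_MARKERS = ("google-analytics", "ga.js")

# Constructed sample page; 192.0.2.10 and example.net are placeholders.
SAMPLE_PAGE = """<html><body>
<script src="/js/site.js"></script>
<script src="http://www.google-analytics.com/ga.js"></script>
<script src="http://192.0.2.10/google-analytics/ga.js"></script>
<script src="http://stats.example.net/google-analytics/ga.js"></script>
</body></html>"""

class IncludeCollector(HTMLParser):
    """Collects the src attribute of every <script> and <iframe> tag."""
    def __init__(self):
        super().__init__()
        self.includes = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.includes.append((tag, src.strip()))

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_suspicious_includes(html):
    """Return (tag, src, reason) for each remote include that needs review."""
    collector = IncludeCollector()
    collector.feed(html)
    findings = []
    for tag, src in collector.includes:
        host = (urlparse(src).hostname or "").lower()
        if not host:
            continue  # relative URL, served by the site itself
        lookalike = any(marker in src.lower() for marker in LOOKALIKE_MARKERS)
        if is_ip_literal(host):
            findings.append((tag, src, "ip-literal host"))
        elif lookalike and host not in TRUSTED_ANALYTICS_HOSTS:
            findings.append((tag, src, "analytics look-alike"))
    return findings
```

Running `find_suspicious_includes` over every HTML file in the web root, and comparing the results against a known-good copy of the site, shows which pages were modified by the injection.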

The bottom line: will efficient exploitation of stolen FTP account data, obtained by data mining an infected set of hosts, re-emerge as a tactic of choice, or will massive SQL injection attacks using search engine reconnaissance to target everyone, everywhere continue to be the method of choice? In an increasingly multitasking cybercrime ecosystem, a combination of tactics is usually the method of choice.
