Trojan trap set at 'Survivor' site

A Web site likely to attract fans of the CBS-owned television series Survivor could contain a nasty surprise for its visitors.The site, owned by a party that has licensed the word "survivor" in a top-level US domain -- not linked to the television network -- today contained a smorgasbord of malicious code embedded in HTML scripts.

A Web site likely to attract fans of the CBS-owned television series Survivor could contain a nasty surprise for its visitors.

The site, owned by a party that has licensed the word "survivor" in a top-level US domain -- not linked to the television network -- today contained a smorgasbord of malicious code embedded in HTML scripts.

A concerned Web user alerted ZDNet Australia about the site after noticing that content on the site had triggered his anti-virus software.

Users who visit the site without adequate anti-virus protection on their PCs are at risk of being infected by three trojans coded into scripts maliciously embedded in its content: VBS/Psyme, Debeski and Java Script/IE.startgen.d.

The trojans take advantage of known exploits in Microsoft ActiveX, Internet Explorer and Java virtual machine.

While anti-virus vendors only rank the script trojans as moderate or low risks, they may be designed to prompt a computer accessing the site to automatically download a secondary payload from another location on the Internet.

At this stage anti-virus vendors that ZDNet Australia approached today have not revealed what the payload is, but miscreants have recently contrived similar forms of attack into maliciously designed HTML e-mails MessageLabs detected this month.