BREAKING: DenverPost.com’s Site Blacklisted Due to Suspicious Web Drive-by Malware

Web blacklisting reports are coming in late Saturday night, Pacific Time, that parts of the Denver Post newspaper site are being blacklisted due to web-based drive-by downloads.

Web anti-malware company Dasient is reporting that extras.denverpost.com (WARNING: MAY NOT BE SAFE…DO NOT GO TO THIS SITE WITHOUT STRONG LAYERS OF SECURITY) has 26 infected pages. Dasient is also reporting that the site is blacklisted by Google/Chrome and Mozilla Firefox.

Over at Google, the Google Safe Browsing Diagnostic site is reporting:

“Site is listed as suspicious – visiting this web site may harm your computer….

Of the 137 pages we tested on the site over the past 90 days, 44 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-06-25, and the last time suspicious content was found on this site was on 2009-06-25.

Malicious software includes 46 scripting exploit(s).

Malicious software is hosted on 3 domain(s), including gumblar.cn/, bigtopmanagement.cn/, findbigbrother.cn/.

This site was hosted on 8 network(s) including AS20940 (AKAMAI), AS21399 (AS), AS2914 (NTT).”

It has been widely discussed in data security circles that web drive-by downloads are the fastest growing area of cyber attacks. There were over 4000 new web application vulnerabilities reported last year. Members of the Dark Web seek out these web-based vulnerabilities on legitimate sites and use them to steal confidential data from web site visitors and from web site owners.

Security experts, and the PCI (Payment Card Industry) standard, prescribe web application scanning and web application firewalls for web site owners to mitigate these attacks.

Web users can use browser sandboxing applications and browser-based plug-ins to mitigate these attacks. Many of these attacks are cross-platform, so using Mac OS X or Linux will not protect you from many of these web drive-by malware attacks.

We will have more coverage of this attack, including an interview with the CTO of Finjan about tools to fight these attacks, on the Data Security Podcast that will post on Sunday night, June 28th.
