The Latest in IT Security

Pregnant Kate Middleton doll leads to malware infection for AOL users

20
Dec
2011

Take care if you visit the main page of AOL UK today – a story about Kate Middleton being pregnant (or rather a doll of a pregnant Duchess of Cambridge) has a nasty sting in its tail.

AOL website, , promoting Kate Middleton doll story

The story, featured prominently on AOL’s main webpage, points to a different website – MyDaily.co.uk – another part of the AOL media empire.

Story on MyDaily website

The MyDaily website uses a legitimate piece of JavaScript code to “carousel” different adverts on the website. However, hackers have managed to breach security on the site and insert their own line of code.

The code the cybercriminals have injected onto the webpage attempts to run malicious code from a third-party site.

Malicious code injected into the website

Sophos products block the offending webpage as Mal/Iframe-Y.

Malicious hackers love to exploit high traffic websites. Think about it, rather than luring you to visit a site created by a hacker (in order to infect your computer) they can compromise an existing popular website and simply wait for traffic to come their way.

Always run up-to-date anti-virus software on your computer, and ensure that every webpage your computer visits is being scanned for malicious code.

Also, if you run a website – make sure that something like this doesn’t happen to you. For more information on securing your website download our technical paper “Securing Websites” published by SophosLabs. In addition to advice on common attack techniques including SQL injection, the paper also discusses establishing a secure foundation for your site and how to deal with external service providers.

Leave a reply


Categories

SUNDAY, AUGUST 25, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks