The Latest in IT Security – malware infects Leo Laporte’s website


TWiT.tvThe website run by internet celebrity Leo Laporte,, has been hit by a malware infection intended to infect visiting computers.

Hackers have managed to inject a line of malicious code, in the form of an iFrame, at the very top of the TWiT website pointing to a webpage with a domain name.

Although Sophos products intercepted the compromised webpage as Mal/Iframe-V, and prevented users from having their computers compromised by the attack, users of other vendors’ products may not be so lucky.

TWiT infected webpage

The webpage attempts to run a file called worms.jar which Sophos detects as Troj/Java-AL.

The Java Trojan is normally associated with fake anti-virus attacks, and may also trigger a PDF-based vulnerability attack detected by Sophos as Troj/PDFJs-ST.

Surfing the web without malware protection is pretty dangerous these days – it’s like sky-diving with nothing more than a picnic hamper strapped onto your back. We see tens of thousands of legitimate webpages which are hosting malware every day.

The TWiT network is famous for scores of popular internet podcasts and streaming video shows, including “This Week in Tech” (which gave the network its name) and “Security Now” co-hosted by Steve Gibson.

As you can see below, Google Chrome is also warning of the infection:

Warning via Google Chrome

If you run a website make sure you are doing everything to keep it as secure as possible – for both your company’s sake, and that of your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments