Owner of the «روزنامہ جنگ» (Jang) newspaper: Independent Newspaper Corporation

Name of «روزنامہ جنگ» in Latin alphabet (transcription): Jang

Newspaper name «روزنامہ جنگ» translated in English: The Struggle

Official newspaper name in original language: روزنامہ جنگ

Special thanks to Websense researchers Tamas Rudnai and Artem Gololobov who contributed information to this post.

Detailed information about «روزنامہ جنگ» (Jang) media

The second injection appears as obfuscated JavaScript code that eventually gets translated by the browser to an Iframe: The injected Iframe on the main page of : The ThreatSeeker network monitors constantly for security risks and as soon as it's cleaned we'll also update this blog post. The first appears as an Iframe (the first snapshot below); the second appears as obfuscated JavaScript code that also silently redirects any browsing user to exploit sites. However, those exploit sites appear to be down at the time of writing of this post. In total there are two kinds of injections on.

You might think it ends here, but any security holes that leave the door open for attackers to inject malicious code may also be revealed by other attackers as well. This is the main reason why the Web site has another kind of malicious injection on many of its pages. The injection appears as an Iframe at the bottom of each injected page. This is how Fireshark sees (depicts all of the connections made by the browser when browsing to ). This is what the main page of looks like: In the image below, the malicious Web site that the browser connects to when visiting is marked with the color red and the string TLD vv.cc ( is also marked in red because it is compromised). You can check it out at its official Web site: ). Fireshark can map exactly what happens to the browser when surfing to a Web address.
When is loaded to Fireshark, at the end of the process Fireshark creates a visual map of all of the connections made by the browser during the site visit. (The Fireshark project is open source and also comes as a Firefox plugin. Fireshark allows researchers to visually see and map all the Web sites that the browser connects to when visiting a Web address. One of our internally developed power tools that we use in the labs to research and analyze Web sites is Fireshark™.

The backdoor file currently holds a detection rate of 26%. If one of the kit's many exploit attempts is successful, a Trojan Backdoor file is dropped onto the user's machine. The visiting user's browser is redirected silently, in the background, to an exploit site loaded with an exploit kit called 'g01pack' (we blogged not long ago about mass injections leading to this exploit kit). Some reports indicate an average of more than 40,000 unique visits to the Web site a month. An infection can occur while visiting the main page of the site. It also links to many other Web sites (Alexa report).

The Web site gets a lot of daily traffic from its many loyal readers, both within and outside Pakistan. The paper is one of the most popular and oldest newspapers in Pakistan. At the time of this writing, the exploit sites that the Daily Jang redirects to are active and serve malicious code. The code redirects visitor browsers to exploit Web sites. The Web site has been injected with malicious code in several locations. Websense Security Labs™ ThreatSeeker® network has determined that the popular online Pakistani newspaper Web site the 'Daily Jang' (at ) has been compromised. Websense customers are protected from this attack by ACE, our Advanced Classification Engine.