The security geeks at Geek.com were busy this weekend, after Web security firm zScaler found evidence that an exploit kit was using malicious iframe attacks to try to attack visitors to the company’s Web site, according to a Zscaler report Sunday.
A post on the web security firm’s blog indicated the iframe was found at the bottom of the Geek.com site, subsequently redirecting users to a suspicious website hosting the kit. From there, the site’s obfuscated JavaScript was programmed to target vulnerabilities. The malicious code was also found injected inside an article about Call of Duty: Modern Warfare 3, from May 13.
Geek.com, a technology, software and gadget news site that was founded in 1996, is just the latest reputable site to be found serving exploit kits – a kind of Swiss Army Knife of Web attacks that allows hackers to customize attacks to the particular software a visitor is using. Sports site Goal.com and even some BBC sites were found dispensing malware to their site’s visitors after being hacked in a similar fashion earlier this year. As poor coding procedures, responsible for browser-based attacks like these, persist, drive-by downloads will continue to run rampant.
