07-03-2009 1:49 Gumblar Invades Best Buy

Earlier today, Trend Micro Technical Account Manager Fioravante Souza in Brazil spotted a (potentially harmful) URL that redirects users from the Best Buy domain site. Users who visit www.bestbuy.com, as it turns out, are redirected to the URL hxxp://pics.bubbled.cn/gallery/hardcore/?23c4f60c1b9f604d6ffb21cba599301f.

The compromised page in the domain is found to be the landing page where visitors can choose the language to be used as they browse within the site. Threat Research Manager Ivan Macalintal further identifies that a GEO-IP check happens prior to displaying the said landing page. “If (the) requesting IP is from the Latin America Region (LAR), users are redirected to the ‘choose English or Spanish’ page—and then bingo!” Macalintal says.

Below is a screenshot of the landing page and its source code:
Same old criminals
Best Buy has been informed of the said URL redirections and is resolving the matter as of this writing. More information to follow.

Hat tip to Advanced Threat Researcher Paul Ferguson for providing more information.

Post from: TrendLabs | Malware Blog - by Trend Micro