JPCERT-AT-2009-0010
JPCERT/CC
2009-05-19
<<< JPCERT/CC Alert 2009-05-19 >>>
Malicious JavaScript injection attacks are on the rise
http://www.jpcert.or.jp/at/2009/at090010.txt
I. Overview
JPCERT/CC has received information that legitimate websites injected
with malicious Javascript have recently been increasing in number.
Users visiting such sites are redirected to a third party site where
they may possibly be infected with malicious software.
According to US-CERT, such attacks have targeted vulnerabilities in
such software as Adobe Flash, Adobe Acrobat and Adobe Reader.
Additionally, the malware installed by a successful attack attempts to
steal FTP passwords. If a stolen FTP account has access to files
containing web site code, this code will also be injected with
malicious Javascript with the aim of infecting users to that site
also.
US-CERT Current Activity
Gumblar Malware Exploit Circulating
http://www.us-cert.gov/current/archive/2009/05/18/archive.html#gumblar_malware_attack_circulating
II. Solution
The following actions will reduce the risk of compromise:
- Ensure that you are running the latest version of Adobe Flash,
Adobe Acrobat and Adobe Reader
- Run an anti-virus product updated with the latest virus definition
files
To protect yourself against similar attacks in the future, always
ensure that you are running the latest version of all software installed on your system.
III. References
US-CERT Current Activity
Gumblar Malware Exploit Circulating
http://www.us-cert.gov/current/archive/2009/05/18/archive.html#gumblar_malware_attack_circulating
Sophos
Troj/JSRedir-R
http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirr.html
Adobe Flash Player version tester
http://kb2.adobe.com/cps/155/tn_15507.html
Adobe.com
New downloads
http://www.adobe.com/support/downloads/new.jsp
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
Top