GSC website compromised


Update: The malicious code seems to have been removed from the GSC website when we checked on it around 10pm.

Forumer manutdotcom tipped us off earlier today about a malicious piece of code present on the GSC online website. We did some checking ourselves on his story, and true enough, there is a piece of suspicious code being called from within the main frame of the site.

According to manutdotcom's blog entry, the malicious piece of code is identical to the 2117966.net mass ASP/SQL injection script that was responsible for compromising over 10,000 sites earlier last week.
Since the script is being called directly via a JavaScript call (read: if you open the page and don't have a proper antivirus installed, you're doomed), the site is now considered high risk until the malicious code is removed.
According to the SANS advisory, the exploit code has the ability to install a malicious password-stealing program on unpatched browsers via an ActiveX exploit. So, if you did accidentally visit the GSC online page (link not provided for obvious reasons), you might want to have your system scanned and your antivirus updated.