Technology blog TechCrunch was flagged by malware detection tools yesterday after it was infected by a variant of the Zeus Trojan.
Graham Cluley, senior technology consultant at Sophos, with whom the Harmony Guy conversed about the detection, said that the website appeared to have fallen victim to hackers who planted a malicious script on the site, designed to infect unsuspecting visitors.
Rik Ferguson, senior security advisor at Trend Micro, said: “The code redirects to a host which is serving up malicious PDF files. The PDFs are designed to exploit a vulnerability which leads to the download of that Poison Ivy of the criminal underworld, Zeus. The malicious server is hosted by Netdirect over in Frankfurt, Germany, a provider with a relatively colourful history of their own.
“The file itself has very low detection rates at present and only serves to underline the need for a security solution that considers the threat as a whole instead of focusing on one aspect of the threat.”
Cluley said: “Ideally TechCrunch will post a message on its site (on the TechCrunch Europe site, at least) informing users about the incident and advising that they check their PCs with an up-to-date anti-virus. I don't see any message to that effect yet on that site - but I'm hopeful.
“Yes, some firms are embarrassed when their websites become infected - and it's not the kind of event that we would wish upon anyone. But let's not forget that TechCrunch is the victim of a criminal act, and although in an ideal world their site would not have been compromised in this way they are not - ultimately - the ones to blame for the wrongdoing.
“What they can do, as a responsible member of the internet community, is advise anyone who might have visited the site while it was infected to double-check their computer systems. That's the kind of behaviour that we would expect of any website that suffered a security problem - and is, indeed, the kind of behaviour that technology media websites like TechCrunch would expect from others too.”