The website run by internet celebrity Leo Laporte, TWiT.tv, has been hit by a malware infection intended to infect visiting computers.
Hackers have managed to inject a line of malicious code, in the form of an iFrame, at the very top of the TWiT website pointing to a webpage with a .cz.cc domain name.
Although Sophos products intercepted the compromised TWiT.tv webpage as Mal/Iframe-V, and prevented users from having their computers compromised by the attack, users of other vendors’ products may not be so lucky.
The .cz.cc webpage attempts to run a file called worms.jar which Sophos detects as Troj/Java-AL.
The Java Trojan is normally associated with fake anti-virus attacks, and may also trigger a PDF-based vulnerability attack detected by Sophos as Troj/PDFJs-ST.
Surfing the web without malware protection is pretty dangerous these days – it’s like sky-diving with nothing more than a picnic hamper strapped onto your back. We see tens of thousands of legitimate webpages…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.