TWiT.tv, the website run by internet celebrity Leo Laporte, has been hit by a malware infection designed to compromise visitors' computers.
Hackers have managed to inject a line of malicious code, in the form of an iFrame, at the very top of the TWiT website pointing to a webpage with a .cz.cc domain name.
Although Sophos products intercepted the compromised TWiT.tv webpage as Mal/Iframe-V, and prevented users from having their computers compromised by the attack, users of other vendors’ products may not be so lucky.
The .cz.cc webpage attempts to run a file called worms.jar, which Sophos detects as Troj/Java-AL.
The Java Trojan is normally associated with fake anti-virus attacks, and may also trigger a PDF-based vulnerability attack detected by Sophos as Troj/PDFJs-ST.
Surfing the web without malware protection is pretty dangerous these days – it’s like sky-diving with nothing more than a picnic hamper strapped onto your back. We see tens of thousands of legitimate webpages…
Read more in my article on the Naked Security website.