Someone illegally intruded into "ITmedia", rewrote pages, and planted malicious code



Three pages, the "ITmedia Biz.ID" top page, the "TechTarget Japan" webcast page, and the "ITmedia mail magazine" guide page, may have displayed a page containing malicious code during the period from 18:00 on April 27, 2007 to 13:00 on May 1.

It seems to have been harmless if Windows Update was up to date, but if you remember accessing these pages during the above period, be sure to scan with antivirus software just in case. It seems to be detected as "EXPL_EXECOD.A", "JS/Exploit-BO.gen", or "Exploit.HTML.IframeBof".

Details are as follows.
IT MEDIA CORPORATION: Report on the discovery of pages on our site containing unauthorized code, and request for countermeasures

All files on the public server and the publishing-preparation server have already been investigated, the malicious code has been removed, and the route used for the intrusion has been blocked. In addition, to prevent malicious code from being inserted in the future, it seems that the public-facing programs have been reworked and monitoring tools have been set up.

So what kind of malicious code is this? The important point is that it is a "virus that exploits the VML code execution vulnerability in Microsoft Internet Explorer". It seems a zero-day attack was carried out around September 2006, but according to McAfee's data on "JS/Exploit-BO.gen", script code of this kind seems to have already existed around January 2005.

Also, according to McAfee's summary of its April data, what appears to be the malicious code in this incident is ranked number one, as a "Trojan horse that launches a buffer overflow attack".

in Note, Posted by darkhorse