TechCrunch Europe hacked

The eagle-eyed harmony guy spotted about an hour ago that some malicious code had been added to the WordPress installation over at TechCrunch Europe.
 
 

Web reputation breaks the infection chain


 
 
The code redirects to a host which is serving up malicious PDF files. The PDFs are designed to exploit a vulnerability which leads to the download of that Poison Ivy of the criminal underworld, ZeuS.
  
The malicious server is hosted by Netdirect over in Frankfurt, Germany, a provider with a relatively colourful history of their own.
  
The file itself has very low detection rates at present and only serves to underline the need for a security solution that considers the threat as a whole instead of focusing on one aspect of the threat.
  
If you’re using our stuff, you’re safe: the redirection to the bad host never happens and you never see the malicious file.
  
The folks at TechCrunch have been made aware and we hope they clean up their WordPress installation soon.
 

4 thoughts on “TechCrunch Europe hacked”

  1. Jonathan

    Any chance this was a warning shot? Zone Alarm announced the threat zeus.zbot.aoaq today, which key logs banking user names and passwords.

    In August the zeus bot stole 1 million pounds from 100,000 British online bank customers according to this podcast by
    ESET:
    http://www.eset.com/resources/podcasts/081110_ESET_Zeus.mp3

    Which also begs the question, was Chase’s online banking hit by zeus? They have 16.9 million online banking customers.

    No one is talking about it. Just curious.

    1. Rik Ferguson Post author

      Hi Jonathan,

      Zeus or ZBOT is a crimeware toolkit that has been around since 2006 and is probably the most widely used information stealing bot out there today. The announcement by Checkpoint/Zone Alarm was a little disingenuous to say the least. ZeuS, like most other malware, is constantly packed, repacked and re-encoded in order to try and avoid detection by pattern-based security tools; this is simply another of the thousands of variants of this old threat.

      I don’t want to downplay the danger that ZeuS poses; it is very nasty and very effective information stealing malware. If you want to get an idea of the scale of the problem, try this excellent white paper from TrendLabs: http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf

  2. Pingback: TechCrunch Europe hacked!!!

  3. Pingback: TechCrunch Europe hacked - Donna's SecurityFlash
