Feeds

Torrentreactor breach serves potent exploit cocktail

iframe redirection redux

By Dan Goodin, 1 Jul 2009
4
  • alert
  • submit to reddit

Protecting users from Firesheep and other Sidejacking attacks with SSL

Torrentreactor has long been regarded as one of the top bit torrent search engines, and with the demise of The Pirate Bay, it's likely bigger than ever. Now, it's been breached and is serving a potent cocktail of exploits to people browsing the site, Websense Security Labs says.

Attackers have managed to inject an iframe into the site that scours Torrentreactor visitors' computers from a long list of vulnerable applications, including Adobe's Reader and Shockwave programs and Microsoft's Internet Explorer and Office Snapshot Viewer. When it finds one, it downloads and runs a malicious file.

According to Websense, the malware has an extremely low detection rate, with just two of 32 anti-virus engines identifying the threat. Once executed, it installs a rootkit on victims' machines.

This isn't the first time that security researchers have reported Torrentreactor is foisting malware on its users. In March 2008, the site suffered a similar iframe attack, according to Dancho Danchev.

The malicious file in the latest compromise communicates with a server at 78.109.29.116, an IP address that web searches suggest has ties to the Russian Business Network. We'll be steering clear of this site for the time being. ®

Secure remote control for conventional and virtual desktops

4 Comments

More from The Register

next story
Planning to fly? Pour out your shampoo, toss your scissors, RENAME TERRORIST WI-FI!
FAA fails to see humor in 'Al-Quida' hotspot jokes
105
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
29
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
23
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
26
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
19
Schneier, Diffie, ex-MI5 bod, privacy advocates team up on Code Red
Project will fight intrusive surveillance
27
In dot we trust: If you keep to this 124-page security rulebook, you can own yourname.trust
Step 1: Don't get owned. Step 2: Use HTTPS. Step 3: ...
13
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
18
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
28
Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?
Doublecheck your NAT-PMP settings now
13
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Manage security in real time
How security information and event management (SIEM) can work, but also shows how SIEM will become an essential feature of your security environment.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
Everything a site builder wants to know
The major changes in Drupal 8 for end users, site builders, designers and front-end developers, and for back-end developers - part 2.
Search more Resources