Some sections of the popular PBS.org Web site have been hijacked by hackers serving up a cocktail of dangerous exploits.
According to researchers at Purewire, attempts to access certain PBS Web site pages yielded JavaScript that serves exploits from a malicious domain via an iframe.
The malicious JavaScript was found on the “Curious George” page that provides content on the popular animation series.
A look at the code on the hijacked site shows malicious activity coming from a third-party .info domain.
The URL serves exploits that target a variety of software vulnerabilities, including those in Acrobat Reader (CVE-2008-2992, CVE-2009-0927, and CVE-2007-5659), AOL Radio AmpX (CVE-2007-6250), AOL SuperBuddy (CVE-2006-5820) and Apple QuickTime (CVE-2007-0015).
Purewire said the exploit site is part of a malware campaign that includes tens of similar Web sites hosted off of a handful of common IP addresses.
Read the Purewire blog for more information on this attack.
A representative for PBS.org tells me the malicious code has been removed from the site.
blog.purewire.com/bid/20389/PBS-Website-Compromised-Used-to-Serve-Exploits
cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0927
threatpost.com/pbs-website-compromised-used-serve-exploits-092309/