The website run by internet celebrity Leo Laporte, TWiT.tv, has been hit by a malware infection intended to infect visiting computers.
Hackers have managed to inject a line of malicious code, in the form of an iFrame, at the very top of the TWiT website pointing to a webpage with a .cz.cc domain name.
Although Sophos products intercepted the compromised TWiT.tv webpage as Mal/Iframe-V, and prevented users from having their computers compromised by the attack, users of other vendors’ products may not be so lucky.
The .cz.cc webpage attempts to run a file called worms.jar which Sophos detects as Troj/Java-AL.
The Java Trojan is normally associated with fake anti-virus attacks, and may also trigger a PDF-based vulnerability attack detected by Sophos as Troj/PDFJs-ST.
Surfing the web without malware protection is pretty dangerous these days – it’s like sky-diving with nothing more than a picnic hamper strapped onto your back. We see tens of thousands of legitimate webpages which are hosting malware every day.
The TWiT network is famous for scores of popular internet podcasts and streaming video shows, including “This Week in Tech” (which gave the network its name) and “Security Now” co-hosted by Steve Gibson.
As you can see below, Google Chrome is also warning of the infection:
Of course, Leo Laporte is far from the first social media celebrity to suffer at the hands of hackers. For instance, a couple of years ago, Robert Scoble – himself a regular on TWiT.tv broadcasts, found that hackers had managed to breach his website after he failed to upgrade his version of WordPress.
If you run a website make sure you are doing everything to keep it as secure as possible – for both your company’s sake, and that of your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.
