- Fukushima Report: Robot Lifts Melted Fuel
- TÜV, Nozomi Ink Partnership Pact
- Pangea Patches Bypass Vulnerability
- Fuji Fixes FRENIC Devices
- ARC: Safety and Profitability Work Together
- Public Needs to Know About Chem Releases: Judge
- Robot Testing Radioactive Fuel at Fukushima
- Siemens Fixes CP1604, CP1616 Holes
- Siemens has Upgrade for Intel AMT
- Siemens Fixes Hole in SIMATIC S7-300 CPU
- Siemens has Licensing Software Fix for SICAM 230
- Siemens Fixes Ethernet Communication Module, Relays
- OSIsoft has Update for PI Vision Hole
- First Responders Test Technology
- Manufacturing Targeted in Hack Attack
- Siemens Fixes SICAM A8000 RTU Series Hole
Chemical Safety Incidents
Opera Site Serving Malvertising
Monday, November 19, 2012 @ 04:11 PM gHale
Opera halted ad-serving on its portal as a precaution while it investigates reports surfers suffered exposure to malware simply by visiting the Norwegian browser firm’s home page.
Malicious scripts loaded by portal.opera.com were redirecting users toward a malicious site hosting the notorious BlackHole exploit kit, said a Romanian anti-virus firm BitDefender, which said it detected the apparent attack on its automated systems.
RELATED STORIES
Malware Alert: USB Smart Readers
New Java Attack in Exploit Kit
Malware with Terms of Service Pact
Simple Works for Malware Writers
BitDefender said it warned Opera after it detected the problem on Wednesday. It seems likely the scripts had been loaded through a third-party advertisement, a practice commonly known as malvertising.
Opera, while not confirming the issue, did disable advertising scripts on its portal just in case.
The browser firm said: “We are investigating the claim, and while we are working with this, we have taken some precautionary measures just to be safe, such as disabling the ads temporarily on portal.opera.com,” Opera said in a statement.
A blog post by BitDefender said cyber crooks were using obfuscated script to hide the attack. The security firm said Opera fans suffered exposure simply by firing up the browser software.
“The hidden and obfuscated piece of code in the Opera Portal homepage inserts an iFrame that loads malicious content from an external source,” BitDefender said. “If the Opera user hasn’t changed their default homepage, active malicious content is loaded from a third-party website whenever they open their browser.”
In controlled tests, BitDefender researchers were served with a PDF-based exploit designed to infect a user with a freshly compiled variant of the ZBot (ZeuS) banking Trojan. The exploit served from a server in Russia, according to BitDefender.
“We have no indications that anyone was infected before or after we disabled the ads yesterday [Wednesday],” an Opera spokesman said.
Leave a Reply
You must be logged in to post a comment.