The North American network revealed that etix.cbs.com was compromised as a result of malicious activity. Cybercriminals added a malicious obfuscated script to the infected page which added a malicious IFrame to the page.
The injected IFrame automatically loads another malicious script from a remote server controlled by criminals in Russia, causing a possible installation of malware on the unsuspecting client machine. Finjan reported that actions had already been taken to turn the particular Russian server offline.
Finjan CTO Yuval Ben-Itzhak said: “This saga confirms our many previous warnings that obfuscated code posing a serious threat to internet users' PCs. Our threat reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware.
“This saga illustrates the popularity of malicious obfuscated code as a weapon of choice by criminal hackers. It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times.”
See original article on SC Magazine US