Sydney website suffers drive-by web attack?

A popular Sydney website was identified by Symantec's security response team as possibly having delivered malware through a web advertisement served on its site.

Symantec said it was similar to the attack that infected The New York Times last week.

Symantec group product manager John Harrison showed the exploit at a technology briefing in Sydney last Friday.

He said there was a one in 10,000 chance of being infected.

He said the allegedly infected advertisement made use of a vulnerability in Microsoft's Windows operating system.

iTnews was unable to replicate the exploit.

Harrison showed a video of the malware being installed on his computer a week earlier.

"[As the page loads] you will see all sorts of different things being pulled from other sites and sources all over the place," he said.

"All of a sudden executables start dropping. This is an example of a real, almost live - I recorded this on Friday - malicious advertisement," Harrison said.

"It is not their site, it is one advert. They have outsourced their adverts to a third party," Harrison said.

"[When getting infected] you see nothing ... unless you are running Process Monitor (a Windows utility), you would have seen nothing," Harrison said.

"This is one of the hundreds of thousands of domains we have seen and nothing specific to their site. This is what I believe is just one advertisement on their site.

"It may not be the site itself," he said. "It could be [that] someone slipped something into the site itself, one of the adverts, it could be anywhere," Harrison said.

He said the malware seemed to be coming from tescanto.com, which was registered on September 11 this year.

The Australian Computer Emergency Response Team (AusCERT) said it was unaware of the Australian site being targeted.

"As yet we've had no reports of malicious activity," said Patrick Mannion, information security analyst at AusCERT.