Diwali Surprise: IndiaTimes Website 'Attacks Visitors'
Dan Goodin writes on The Register:
Visitors to the IndiaTimes website are being bombarded by malware, some of which appear to target previously unknown vulnerabilities in Windows, a security researcher warns.More here.
In all, the English-language Indian news site is directly or indirectly serving up at least 434 malicious files, many of which are not detected by antivirus software, according to Mary Landesman, a senior security researcher at ScanSafe. She said at least 18 different IP addresses are involved in the attack.
"The end result of the compromise is that the user, going through their normal course of activities, is subject to a really massive installation of malicious files," she told us. "Coupled with the low detection by antivirus vendors, it does put the end user in a very vulnerable position."
Visitors can be infected even if they have up-to-date systems and they don't fall victim to tricks to install software or browser add-ons, she said. She urged people to avoid the site until it's been cleaned up.
Note: With Diwali upon us, this is a very, very serious issue... - ferg