I had  reported on Jule 19th about the Deccan Herald (A popular news paper in Karnataka, India) website being classified as an “Attack Site” by Google. Despite this publication and having been aware, Deccan Herald has not yet secured their site and the site continues to be tagged an attack site by Google till date. (Refer Screenshots here)

Kasparesky anti virus identified the cause as a script running on the page. This script appears to run not only on the home page but also on several other pages of the site.On the home page, the source code (See detailed source code here)  is hosted on the image file “ys-myslake-july8.jpg” . The script itself is called from three sites crtbond.com, ausadd.com and destbnp.com and named ngg.js.

The said image file contains a beautiful photograph of “kukkarahalli lake” posted by an amateur photographer at the invitation of the web master in the “Your Space” Column.

This “Your space” photographs also appear in the city page and netmail page and may be in all other  pages. The script therefore runs on all these pages.

According to Google, “Of the 454 pages we tested on the site over the past 90 days, 108 page(s) resulted in malicious software being downloaded and installed without user consent.”

Google also reported that

“Malicious software includes 119 scripting exploit(s). Successful infection resulted in an average of 2 new processes on the target machine. Malicious software is hosted on 48 domain(s), including advabnr.com, ausadd.com, crtbond.com. 6 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including advabnr.com, crtbond.com, ausadd.com.”

This information is now being sent again to Deccan Herald for taking remedial action so that visitors to this site would not be penalized with the download of the malicious codes. Hopefully they would act at least this time.

In the meantime, I take this opportunity to highlight the necessity for all public websites to monitor such events and take necessary action as otherwise they would be liable under Section 43 (C) of ITA 2000 for paying compensation to each of the visitors who suffer damages on account of the malicious code.

Naavi

July 11, 2008

Be Sociable, Share!