Sophos discovers serious threat for vloggers on Adobe website

October 17, 2008 Sophos Press Release

IT security and control firm Sophos is warning computer users to be vigilant following its discovery that legitimate webpages on the website of Adobe Systems were hosting malicious code that can infect visiting computers.

Sophos identified the threat, known as Mal/Badsrc-C, on the Fortune 1000 company's 'Vlog It support center section' - an area providing tips for video bloggers - on Friday 3 October. Despite repeated attempts by Sophos to contact Adobe about the problem, the malicious code was still present until last night.

Sophos intercepting the infection on the Adobe website
Sophos intercepting the infection on the Adobe website.

Mal/Badsrc-C is a dangerous piece of malware that spreads by infecting the PCs of unsuspecting users with SQL injection attacks which download more malicious scripts from the net, and ultimately infect victims with spyware.

"Incidents like this show once again that even established and respected companies like Adobe are not immune from the growing tide of web-based malware attacks. These infections are insidious, meaning the most well-intentioned internet users can be hit without knowing it," said Graham Cluley, senior technology consultant at Sophos. "Organisations need to wake up and ensure that their websites are properly coded and that security is in place to stop these kind of attacks. With over 90 percent of web infections now found on legitimate sites, firms need to take control to avoid putting potential customers at risk."

Sophos recommends that all businesses ensure their websites are fully defending against attacks, including spam, phishing and malware, and that all vulnerabilities are patched.