In this section

• Home
• Press office
• News archive
• Articles
• 2008
• 10

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

17 October 2008

Sophos discovers serious threat for vloggers on Adobe website Video bloggers put at risk by malware-infected webpages

IT security and control firm Sophos is warning computer users to be vigilant following its discovery that legitimate webpages on the website of Adobe Systems were hosting malicious code that can infect visiting computers.

Sophos identified the threat, known as Mal/Badsrc-C, on the Fortune 1000 company's 'Vlog It support center section' - an area providing tips for video bloggers - on Friday 3 October.  Despite repeated attempts by Sophos to contact Adobe about the problem, the malicious code was still present until last night.

Sophos intercepting the infection on the Adobe website.

Mal/Badsrc-C is a dangerous piece of malware that spreads by infecting the PCs of unsuspecting users with SQL injection attacks which download more malicious scripts from the net, and ultimately infect victims with spyware.  

"Incidents like this show once again that even established and respected companies like Adobe are not immune from the growing tide of web-based malware attacks.  These infections are insidious, meaning the most well-intentioned internet users can be hit without knowing it," said Graham Cluley, senior technology consultant at Sophos.  "Organisations need to wake up and ensure that their websites are properly coded and that security is in place to stop these kind of attacks.  With over 90 percent of web infections now found on legitimate sites, firms need to take control to avoid putting potential customers at risk."

• Learn more about the incident on the SophosLabs blog.

Sophos recommends that all businesses ensure their websites are fully defending against attacks, including spam, phishing and malware, and that all vulnerabilities are patched.

 

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• Learn more about threats on the SophosLabs blog
• Read Graham Cluley's blog for the latest security news