- The Zscaler Experience
Your world, secured
Experience the transformative power of zero trust.
Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
Get the full report
![gartner magic quadrant]( "gartner magic quadrant")
Zero Trust Fundamentals
-
What is Zero Trust?
-
What is Security Service Edge (SSE)?
-
What is Secure Access Service Edge (SASE)?
-
What is Zero Trust Network Access (ZTNA)?
-
What is Secure Web Gateway (SWG)?
-
What is Cloud Access Security Broker (CASB)?
-
What is a Cloud Native Application Protection Platform (CNAPP)?
-
Zero Trust Resources
-
- Products & Solutions
![test]( "test")
Secure Your Users
Provide users with seamless, secure, reliable access to applications and data.
![test]( "test")
Secure Your Workloads
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
![test]( "test")
Secure Your IoT and OT
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Products
Transform your organization with 100% cloud native services
Solution Areas
Propel your business with zero trust solutions that secure and connect your resources
-
Stop Cyberattacks
-
Protect Data
-
Zero Trust App Access
-
VPN Alternative
-
Accelerate M&A Integration
-
Optimize Digital Experiences
-
Zero Trust SD-WAN
-
Build and Run Secure Cloud Apps
-
Zero Trust Cloud Connectivity
-
Zero Trust for IoT/OT
-
Zero Trust for Private 5G
-
Find a product or solution
-
Find a product or solution
-
- Platform
Zero Trust Exchange Platform
Learn how Zscaler delivers zero trust with a cloud native platform built on the world’s largest security cloud.
![test]( "test")
Transform with Zero Trust Architecture
Propel your transformation journey
Secure Your Business Goals
Achieve your business and IT initiatives
- Resources
- Company
Security Insights
Philippine Yellow Pages Hacked
Following on the wave of "iepeers.dll" exploits, we found that the same client IP address involved in the attacks, used an open proxy to reach thousands of pages containing IE6 exploits. These consisted of legitimate sites which had been hacked and the following Javascript code had been injected into the pages:
Obfuscated malicious Javascript
The code is well obfuscated - it is different on each of the hacked sites and uses exceptions and eval functions to break deofuscation tools. The code is obfuscated several times, and does not do any document.write functions, all of which can make the script more difficult to decode. In the end, the script adds an invisible iframe to a Russian (.ru) website on port 8080. The domain name used by the iframe varies.
Fortunately, the author went too far with the obfuscation, and it is actually fairly easy to recognize the obfuscated code. We wrote a few signatures last week to catch sites hijacked with this code. Among the hacked sites, we found that the Philippine Yellow Pages: http://yellowpageph.com/ had been successfully attacked. I have checked several pages on the site and only the home page seems to be infected.
Invisible iframe to tenthprofit.ru:8080
We've seen this malicious code on all kinds of websites, but the URL used on this Yellow Pages site is interesting: hxxp://tenthprofit.ru:8080/google.com/live.com/pagesjaunes.fr.php (the URL is inaccessible at this time). "pagejaunes" is French for Yellow Pages. This may just be a coincidence...
I have contacted the website, it may be cleaned up at the time this post is published.
-- Julien
Get the latest Zscaler blog updates in your inbox
Subscription confirmed. More of the latest from Zscaler, coming your way soon!
By submitting the form, you are agreeing to our privacy policy.