Redcross Site Hacked

March 05, 2010 - 1 min read

Contents

Article
More blogs

In this morning's logs I noticed that Zscaler detected malicious content within redcross-esc.org web-pages. Turns out that the site was a victim of a malicious iFrame injection, and I thought a short post on this would be a good follow-up from Umesh's previous post on hidden malicious iFrames.

redcross-esc.org belongs to the American Red Cross East Shoreline Chapter and is hosted on GoDaddy. Pages infected include:

hxxp://www.redcross-esc.org/gethelp/index.html
hxxp://www.redcross-esc.org/getinvolved/index.html
hxxp://www.redcross-esc.org/givemoney/index.html

Screenshot of malicious iFrame:
First stage decode:
Final decode writes iFrame to hxxp://foxionserl.com/:

Fortunately the foxionserl.com domain is not currently resolving, so the malicious page is not being pulled - Google results show that it had hosted a Adobe Acrobat PDF Reader exploit. Notifications are being sent to Redcross and GoDaddy.

Thank you for reading

Was this post useful?

Yes, very!

Not really

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.