The operators of Paul McCartney's web site were caught with their
electronic pants down this week after the portal was found to be
serving up malware.
According to a blog from Mary Landesman over at ScanSafe, the site
hack - Paulmccartney.com - may have occurred due to stolen FTP-based
accounting data, as several other host-linked sites have been
similarly affected.
Interestingly, Infosecurity notes that the number of DIY malicious
code insertion kits has soared since the start of the year, although,
crucially, hackers also need some method of gaining unauthorised
access to the web site that is to be hacked.
Unconfirmed reports on the hacker forums suggest that the Macca web
site hack is one of the first to use a new malware exploit kit that
uses RSA encryption on the Javascript routines.
After what appears to be several redirections (84.244 .138.55 /google-
analytics/ga.js to 84.244.138.55 /ts/in.cgi?sliframe to 84.244 .138.55
/ase/?t=17), users are deluged with a set of client-side malware whose
favour depends on the results of the probes that the origin malware
generates.
http://blog.scansafe.com/journal/2009/4/7/paulmccartneycom-gets-
lucky.html