Visitors to the Web site of the IndiaTimes.com were exposed to malware, according to a ScanSafe advisory.
Mary Landesman, a researcher at ScanSafe said in her blog that the company had contacted the IndiaTimes by email and phone last week. “Unfortunately, the person we spoke with indicated that it was a holiday in India and they would be unlikely to fix the problem until Monday,” she said.
Much of India was on holiday because of the of the Diwalia festival. The India Times Web site was updated throughout the week. It is not known if the site still contains malware.
Landesman described the malware saying, “The installed malware included a cocktail of downloader and dropper Trojans, assorted other malicious binaries, and large amounts of scripts, cookies, and other non-binaries. We ran some of the binaries through VirusTotal and looks like overall detection among signature-based antivirus vendors is low.”
“Given the nature of the downloaded files, it appears the malware may be intended to create sites used to attack others or that there may be some malicious peer-to-peer or other filesharing/communication purpose. ScanSafe continues to analyze the attack and we’ll update the blog and our Threat Alert Center with those findings.”
ScanSafe first discovered and blocked malware on the site on October 25. ScanSafe is still researching the scope of this attack, but with its popularity and the amount of malware involved the company is telling users to use caution. Only a handful of pages of the Indiatimes are infected.
