According to San Diego-based Websense, the main Indian site of Moneycontrol.com was compromised and injected with malicious code on November 6, 2010. The injected code redirected users to an exploit website. “Once a user visited Moneycontrol.com, the malicious code took the user’s browser quietly to an exploit website http://www.Brenz.pl – in a typical ‘drive-by’ attack. Brenz.pl is an exploit site pre-loaded with an exploit kit called Eleonore,” says Websense Labs Senior Researcher Elad Sharf.
Exploit kits contain malicious programs which can be downloaded to infect a particular computer. “A list of exploits is delivered to the user’s browser once Brenz.pl is visited, and any successful attempt at exploitation results in the user being infected with a Trojan called Virut,” Mr Sharf adds. Virut is a file infector that targets .exe and .scr files, extensions used for applications and scripts respectively. The site was cleaned up the next day.
Actively injected code can affect a site’s performance. When a website is injected with code that leads to an exploit site, visitors generally experience hung or slow browsers, and often a browser crash as well, says Sharf.
Eleonore, on the other hand, has the potential to exploit common vulnerabilities in applications such as Adobe Reader, Mozilla Firefox and Internet Explorer.