ZDNet Asia and TorrentReactor Compromised

Looks like both sites have been compromised by a malicious IFrame … [details here]. What happens is that you get redirected to yet another Rogue Antispyware (xpantivirus2008).

Naturally these are bogus results since no scan really occurred … however this is a new avenue of attack and hopefully these compromised sites will get things cleaned up shortly …

What I found interesting is that visiting the “xpantivirus2008” home page offers a link to [sic] purchase their product; however, this redirects to “secure.xp-antivirus(dot)com”, which is yet another Rogue.Antispyware …

In related news … we find this

“We’ve gotten some reports that visitors to our homepage are being prompted to download an executable file called XPantiVirus. We’ve also observed this ourselves.

We have disabled banner ads on blip until we get to the bottom of this. We use a third-party banner advertising network that has an excellent reputation and has been good to us, but it looks like something may have slipped through their filters. We will keep banner ads disabled on blip until we are certain that this situation is resolved.

UPDATE: We believe we’ve located the offending advertiser and resolved the situation.”

Notice that there is no responsibility here? … not even a mention of a link where (blip.tv) visitors should go to get their machines scanned for a possible malicious infection.

I predict it won’t take long before someone files a lawsuit against these sites for failure to keep their software updated, and not offering visitors some kind of proper advice on what they should do in the event they get infected …

2 Responses to “ZDNet Asia and TorrentReactor Compromised”

  1. Today, my wife visited a site she thought would help her map out the trip between Myrtle Beach, SC and Charleston, SC. When I sat down at the laptop, I saw the apparent results of an Anti Virus or Spyware Scan that seemed legitimate, as my son’s laptop runs XP Home and it was labeled XP Antivirus 2008. It alleged three specific problems, and when I cautiously attempted to abort the program, it apparently installed it. It appeared as a shortcut on the desktop and an icon in the task tray. I’ve used 4 different legitimate programs to try and remove it and not one has actually identified this as a risk, period. How do I get rid of something that isn’t detected and doesn’t appear as a program Windows could uninstall?

  2. Bob,
    A good place to start is here:
    How to remove XPAntiVirus