Lowyat.NET : Malaysia's Tech Enthusiast Resource Community

Monday, 08 September 2008 12:26 AM

Main Menu

Home

Lowyat Pricelists

Advertisements
Online Backup is Easy HP Coupons Web Hosting Malaysia

GSC website compromised

(16 votes)

by Vijandren Ramadass

Sunday, 30 March 2008 04:21 PM

Update: The malicious code seems to have been removed from the GSC website when we checked on it around 10pm.

Forumer manutdotcom tipped us off earlier today on a malicious piece of code present on the GSC online website. We did some checking ourselves on his story, and true enough, there is a piece of suspicious code being called from within the main frame of the site.

According to manutdotcom on his blog entry, the malicious piece of code is identical to the 2117966.net mass ASP/SQL injection script that was responsible for compromising over 10,000 sites earlier last week.

Since the script is being called directly via a javascript call (read if you open the page, and don't have a proper antivirus installed, you're doomed), the site is now considered high risk - until the malicious code is removed.

According to the SANS advisory, the exploit code has the ability to install a malicious password stealing program on unpatched browsers via an Active X exploit. So, if you did accidentally visit the GSC online page (link not provided for obvious reasons), you might want to have your system scanned and your antivirus updated.

Comments

Name: Danny	Comment: What symptom after infection? Normally i use firefox.. Now ok or not?
Rated Article: Posted: 2008-04-03 17:37:27

Name: MasterWorf

Comment:
If you notice the website is created by this company called Elderaan Technologies Sdn.Bhd, they are the ones responsible and they should be sued by GSC for this act of putting a malicious code.

I believe GSC should investigate this matter further and persue the ppl at fault. This is a big embarrassment and a big drop for GSC.

How can I browse GSC website now knowing about this story. This Sucks!!

Rated Article:

Posted: 2008-04-01 01:05:49
IP Logged as: 218.208.251.67

HomePage: http://www.gscwebsiteisugly.com

Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.11

Name: benjamin lee meng chuin	Comment: the best browser in the world is firefox !
Rated Article: Posted: 2008-03-31 12:22:16

Name: WaCKy-Angel	Comment: So what does this code do? I did some ticket booking last week but didnt noticed anything, except that its loading extremely slow. My pc is still fine now i think using firefox
Rated Article: Posted: 2008-03-31 09:50:47

Name: surfer	Comment: im using NoScript which is an addon for firefox. it blocks unknown scripts from running. the only disadvantage of this program is that the default whitelist is limited... meaning that u will have to compile the 'good' sites yourself and it takes a time.
Rated Article: Posted: 2008-03-31 02:20:19

Name: iStupid	Comment: goodness... IE really need the patch lar rather than WebServers or end users like us all.
Rated Article: Posted: 2008-03-31 00:54:50

Name: surfer	Comment: looks like the malicious code has been removed from GSC website
Rated Article: Posted: 2008-03-31 00:21:12

Name: Bone	Comment: true2 if its active X then well guess IE user are the people who are doomed haha...use firefox...can disable java script...so by right malicious code using java are pretty much wont be a bother...oo yeah IE suxx muehehehe
Rated Article: Posted: 2008-03-30 23:01:32

Name: Jayce	Comment: No problem with Firefox lo... Active X only :P
Rated Article: Posted: 2008-03-30 16:43:50

Comment on this article

< Prev		Next >