<<<
Monday, August 17, 2009
>>>
 
IntegrIT Web Server Compromised, Redirects to Porn Site? Posted by WebSecurity @ 10:29 GMT

We received a report that the popular IntegrIT website was suspected to be compromised and performing a redirect-link to a pornography website. The case occurred when the user searched for "integrit" (without quotes) in a search engine.

search_integrit

We inspected the www.integrit.ru contents and found no suspicious code, hence we suspect that the www.integrit.ru Web server configuration files (htaccess, etc.) redirecting the client browsers were compromised.

referer_integrit

This was the page we were redirected to when the HTTP Header containing the "referer" parameter (above) was detected:

redirected_integrit

This is what you would get without the "referer":

actual_integrit

A few search engines were tested and only two search engines (Yahoo! and Google) were redirecting users to the pornography website; the other search engines (Bing, Altavista, Ask, and Lycos) were not affected.

Users who type the web address "www.integrit.ru" directly into their browsers won't see this redirection.

The website owner was informed and our users are protected.

Web Security team post by — Chu Kian

—————

Updated to add: Currently the .ru domain is not resolving, though the redirect is still occurring.






<<< Twitter Turned Botherder
|
0wn1ng Delphi >>>