Don't go to GSC website!
Sunday, March 30, 2008 | Labels: Websites | |Update (31/03/2008; 7:50PM GMT+8): And the exploit is gone. So its safe now.
I just read the latest news from Lowyat.Net, and found out that the official website of Golden Screen Cinemas (GSC) of Malaysia, has been hacked. Apparently it is using some sort of malicious javascript that allow it to be installed to steal passwords. Err, does that make any sense? Here is an excerpt from SANS website:
Over 10,000 legitimate websites have been compromised and now have a javascript link that will direct visitors to a malicious website hosted on 2117966.net. The malicious website attempts to exploit the vulnerability described in MS06-014 MS07-004, MS06-067, MS06-057and a number of ActiveX vulnerabilities.
Successful exploitation result in the installation of a password-stealing malicious program that attempts to steal the logon credentials from websites and online games.
Apparently this will only work on Internet Explorer (ActiveX anyone?). So, if you are using Firefox, you have nothing to worry about. In fact, I tried to load that website, and Firefox gracefully told me that the website is not safe.
If you are running Windows (but most of this blog's visitors are using Linux of some flavor; good for you!), you might want to update your antivirus definitions, and start scanning!
So how are we suppose to book the tickets for "The Death of Ian Stones"??? Kena jumpa hot chicks over the counter??? let me do it!!!