Sep 7, 2010 09:41 GMT

Several websites from the TechCrunch Network, including TechCrunch Europe, MobileCrunch and CrunchGear, fell victim to a code injection attack, which served malware to visitors.

Founded in 2005, TechCrunch is one of the most popular technology blogs on the Internet. Since then it has evolved into a network of websites operated by the same organization.

Yesterday users started receiving malware warnings from their browsers and antivirus programs when accessing several of these sites.

TechCrunch Europe confirmed the problems on eu.techcrunch.com via its Twitter feed. "We're aware of the (annoying) malware warning about the @TCEurope site, thanks everyone. Trying to fix ASAP," the announcement read.

The warnings were caused by malicious JavaScript code injected into the website's pages, which was loading an exploit kit hosted on an external domain.

The exploits tried to infect visitors with a version of the Zbot trojan, which is commonly used by cybercriminals to steal online banking credentials, credit card details and other sensitive information.

In addition to TechCrunch Europe, MobileCrunch (mobilecrunch.com) and CrunchGear (crunchgear.com) were also affected.

The corresponding Google Safe Browsing diagnostic pages reveal that all three websites were hosting suspicious content yesterday.

According to Denis Sinegubko, the creator of the Unmask Parasites scanner, the compromises were part of a larger mass injection attack targeting sites hosted at RackSpace.

TechCrunch uses WordPress as a platform across its network, but the same infection was reported on sites running Drupal, pointing to a problem within the hosting environment and not the Web applications themselves.

"Ideally TechCrunch will post a message on its site (on the TechCrunch Europe site, at least) informing users about the incident and advising that they check their PCs with an up-to-date anti-virus.

"I don't see any message to that effect yet on that site - but I'm hopeful," Graham Cluley, senior technology consultant at Sophos, commented.