CA's website got compromised

Jan 7, 2008 09:54 GMT

Some people say hackers are working 24 hours a day and, sometimes, I really tend to believe it. For a hacker, compromising the site of a software company or a security vendor is like talking to God for a Christian, so they work hard to reach that goal. This time, they somehow managed to do it, because parts of CA's website were compromised. According to PC World, the press release section of the website redirects visitors to a malicious page hosted in China, which apparently attempts to infect people's computers.

According to reports, the attacks rely on uc8010.com, a newly registered domain serving pages that attempt to exploit software vulnerabilities, such as the RealPlayer glitch discovered a few days ago.

"One of our readers noted that there are a number of state government and educational sites that appear to have been compromised with the uc8010 domain. Upon review, I see that some of these have already been cleaned up. However, the .gov and .edu sites are only a few of the many, many sites that are turned up via Google searches for the uc8010 domain. As that domain was only registered as of Dec 28th, compromises of websites probably occurred in the past week", Scott Fendley of SANS wrote.

What's interesting is that this new attack is similar to the one spotted last year that targeted the Dolphin Stadium website and the Super Bowl football games. "It's exactly the same setup. It's JavaScript that they've managed to insert into the title or the body of the HTML", Marcus Sachs, director of the SANS Internet Storm Center, said according to PC World.

This time, you're advised to patch vulnerable systems, update your antivirus and avoid visiting malicious pages that may attempt to infect your computer. Also, the uc8010 domain should be blocked by your network administrator.
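For site owners who want to check their own pages for the kind of injection Sachs describes, the following is an added example and not code from SANS, PC World or CA. It scans HTML for script tags whose `src` points at a blocked domain and reports whether each hit sits inside the title or elsewhere. The sample page, its file paths and the function names are constructed for illustration; only the uc8010.com domain comes from the article.

```python
import re
from urllib.parse import urlsplit

# Domain named in the article; extend with others your organisation blocks.
BLOCKED_DOMAINS = {"uc8010.com"}

SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)
TITLE_SPAN = re.compile(r"<title\b[^>]*>(.*?)</title\s*>", re.IGNORECASE | re.DOTALL)

# Constructed sample page: the script paths are placeholders, not real IoCs.
SAMPLE_PAGE = """<html>
<head>
<title>Press Releases<script src=http://uc8010.com/example.js></script></title>
<script src="/js/site.js"></script>
</head>
<body>
<p>Quarterly results</p>
<script src="http://notuc8010.com/ok.js"></script>
<SCRIPT SRC='//www.uc8010.com/example.js'></SCRIPT>
</body>
</html>
"""

def is_blocked(host):
    """True if host is a blocked domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def find_injected_scripts(html):
    """Return (line_number, location, src) for each script tag whose src
    points at a blocked domain; location is 'title' or 'body/other'."""
    title_spans = [m.span(1) for m in TITLE_SPAN.finditer(html)]
    findings = []
    for m in SCRIPT_SRC.finditer(html):
        src = m.group(1)
        # urlsplit handles both http://host/... and scheme-relative //host/...
        host = urlsplit(src).hostname
        if not is_blocked(host):
            continue
        in_title = any(s <= m.start() < e for s, e in title_spans)
        line = html.count("\n", 0, m.start()) + 1
        findings.append((line, "title" if in_title else "body/other", src))
    return findings

if __name__ == "__main__":
    for line, location, src in find_injected_scripts(SAMPLE_PAGE):
        print(f"line {line} ({location}): {src}")
```

The host comparison is exact or on a dot boundary, so a look-alike such as notuc8010.com is not flagged while subdomains of the blocked domain are.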