Opera's web portal reportedly deployed online banking trojan
Contributed by: Email on 11/19/2012 11:23 AM
[
Comments
]
For a brief time, at least a "few hours", users visiting Opera's online portal at portal.opera.com were exposed to malware, according to a report from anti-virus specialist Bitdefender. In older versions of Opera, this portal page is set as the default start page, while in recent versions it is easily accessible from the Speed Dial menu that appears when a new tab is opened.
The report says that the exploit code was injected into the Opera page via a third-party ad server. Apparently, the advertisement code created an iFrame in which the criminals embedded an attack page from the Blackhole exploit kit. The injected page then attempted to use a specially crafted PDF document to exploit an old hole in Adobe Reader and infect the system with the ZeuS banking trojan. The malware was hosted on a – probably also hacked – web server in Russia.
An Opera spokesperson told The Register that there is no indication of any user infections. Opera has temporarily suspended its advertising system.
The report says that the exploit code was injected into the Opera page via a third-party ad server. Apparently, the advertisement code created an iFrame in which the criminals embedded an attack page from the Blackhole exploit kit. The injected page then attempted to use a specially crafted PDF document to exploit an old hole in Adobe Reader and infect the system with the ZeuS banking trojan. The malware was hosted on a – probably also hacked – web server in Russia.
An Opera spokesperson told The Register that there is no indication of any user infections. Opera has temporarily suspended its advertising system.
Comments
