IndiaTimes.Com Visitors exposed to Malware

A ScanSafe Advisory reports that IndiaTimes.com a news and entertainment website from India and owned by Times Group exposed their site visitors to Malware recently. Mary Landesman from ScanSafe writes in her blog

The installed malware included a cocktail of downloader and dropper Trojans, assorted other malicious binaries, and large amounts of scripts, cookies, and other non-binaries. We ran some of the binaries through VirusTotal and looks like overall detection among signature-based antivirus vendors is low. Given the nature of the downloaded files, it appears the malware may be intended to create sites used to attack others or that there may be some malicious peer-to-peer or other filesharing/communication purpose. ScanSafe continues to analyze the attack and we'll update the blog and our Threat Alert Center with those findings.

Mary Landesman further writes that

we notified the India Times folks via email and by phone on Thursday. Unfortunately, the person we spoke with indicated that it was a holiday (Diwali) in India and they would be unlikely to fix the problem until Monday. They declined to provide us with another contact or to escalate our concerns. As a result, we felt compelled to contact the media