
ProZ.com and Security


The ProZ.com site team takes its responsibility to protect the private data of site users very seriously. Should there be any incident involving a breach of security, details will be posted here.



Potentially malicious JavaScript run via banner ads on February 23, 2011


Note: the incident described below could potentially have affected up to 8000 site users. Chances are you were not affected, but please read the following and take the precautions described if you feel you meet the description of one of the potentially affected users.

On February 23, 2011, banner ads which may have included malicious JavaScript code were displayed on ProZ.com.

In at least one instance, a user who viewed the banner ads received an intrusion alert from her Norton Internet Security software, reporting an "MSIE Java Deployment Toolkit Input Invalidation" attack. This type of exploit could allow an attacker to install a Java application on computers with vulnerable versions of Java.

ProZ.com staff have not been able to reproduce such an attack from viewing these banner ads. However, the conditions in which the ads were displayed made such an exploit possible, and given the report from an affected user the decision was made to take down the banner ads and issue this announcement.

ProZ.com has updated its advertising policy to disallow third-party advertisements from containing scripting or active content that might pose a similar threat in the future.

Many thanks to member Alison MacG for bringing this issue to the attention of ProZ.com staff.

Frequently asked questions about this incident


Who was affected?

Any user who viewed a ProZ.com page containing these banner ads between 12:30 and 22:30 GMT on 23 Feb 2011 could have been affected. The banner ads in question were for "24-Hour Fitness". They were displayed to users who appeared to be in the United States, Canada, or the United Kingdom. Though the ads were shown to only a small percentage of users, if you accessed ProZ.com during this time it is possible that you were affected.

Email notification has been sent to users who appear to have viewed pages containing the ads in question.

Of the users who viewed pages containing the ads, those running affected versions of Java were vulnerable to the reported attack. The vulnerability was introduced in Java 6 Update 10, and fixed in Java 6 Update 20.

What was the effect of running the potentially malicious code?

Because ProZ.com staff have not been able to reproduce the exploit, it is not known what the potentially malicious code would do if it had been allowed to run.

The "MSIE Java Deployment Toolkit Input Invalidation" attack reported by the Norton Internet Security software could have allowed an attacker to install a Java application on vulnerable computers.

More information about this type of exploit can be found at the following links:

What should I do if I may have been affected?

Users who may have been affected by this incident are encouraged to scan their computers for malicious software using a tool such as the free MalwareBytes Anti-Malware utility. If any malicious software is found, follow the utility's instructions to quarantine or remove it.

If you think you were affected by this incident, please notify ProZ.com staff by submitting a support request.

How can I test if I am vulnerable to this type of exploit?

It is possible to test how an attack like this might affect you by visiting this test page created by the person who originally discovered the vulnerability. That page will attempt to make your computer run the Windows calculator program (calc.exe). If the calculator runs without your consent, you are vulnerable to exploits of this kind.

How can I protect myself from this type of exploit in the future?

Upgrade to the latest version of Java.
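The page gives a precise affected range (introduced in Java 6 Update 10, fixed in Java 6 Update 20). The following is an added example, not part of the ProZ.com announcement, that checks a Java version string, or the first line of `java -version` output, against that range. The version strings and sample output in it are constructed; the only assumption is the Sun-style `1.6.0_NN` format, where the `_NN` suffix is the update number and must be compared numerically (`_9` is older than `_10`, even though it sorts later as text).

```python
import re
from typing import Optional, Tuple

# Range stated in the advisory: vulnerability introduced in Java 6 Update 10,
# fixed in Java 6 Update 20. Versions are compared as (major, minor, micro, update).
VULN_INTRODUCED = (1, 6, 0, 10)
VULN_FIXED = (1, 6, 0, 20)

# Sun/Oracle version syntax of the period: 1.6.0 or 1.6.0_17 (update optional).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
# First line of `java -version` output looks like:  java version "1.6.0_17"
_OUTPUT_RE = re.compile(r'version\s+"([^"]+)"')


def parse_java_version(s: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse '1.6.0_17' into (1, 6, 0, 17); a missing update number counts as 0.
    Returns None when the string is not in the expected format."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def version_from_java_output(output: str) -> Optional[str]:
    """Extract the quoted version string from `java -version` output."""
    m = _OUTPUT_RE.search(output)
    return m.group(1) if m else None


def classify_java(s: str) -> str:
    """Return 'vulnerable', 'not vulnerable' or 'unknown' for a version string,
    using only the range the advisory states."""
    v = parse_java_version(s)
    if v is None:
        return "unknown"
    return "vulnerable" if VULN_INTRODUCED <= v < VULN_FIXED else "not vulnerable"


def classify_java_output(output: str) -> str:
    """Same check, but starting from raw `java -version` output."""
    version = version_from_java_output(output)
    return "unknown" if version is None else classify_java(version)


if __name__ == "__main__":
    # Constructed sample of `java -version` output (not captured from a real host).
    sample = 'java version "1.6.0_17"\nJava(TM) SE Runtime Environment (build 1.6.0_17-b04)\n'
    print(version_from_java_output(sample), "->", classify_java_output(sample))
    for v in ("1.6.0_09", "1.6.0_10", "1.6.0_19", "1.6.0_20", "1.7.0"):
        print(v, "->", classify_java(v))
```

On a real host, feed the function the output of `java -version` (which prints to stderr) and upgrade whenever the result is `vulnerable`; the check is deliberately limited to the range the page states and does not try to judge other Java versions.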

How could this have happened?

The banner ad code supplied by the advertiser contained HTML which loaded JavaScript from a third-party server, outside of ProZ.com's control. This could have allowed an attacker to serve malicious JavaScript code to users who viewed pages containing those ads.

What steps have been taken to prevent this type of incident from happening again?

ProZ.com has updated its advertising policy to disallow third-party advertisements from containing any scripting or active content, so that this type of incident cannot happen again.
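The two answers above describe the cause (advertiser-supplied HTML that pulled JavaScript from a server outside the site's control) and the mitigation (no scripting or active content in third-party ads). The following is an added example, not ProZ.com's own code, of how a site could enforce such a policy mechanically when accepting a creative: it parses the ad's HTML and reports anything that would execute code or load active content. The set of rejected tags and schemes is an assumption made for this example, since the page only says "scripting or active content"; the sample creatives are constructed.

```python
from html.parser import HTMLParser
from typing import List

# Assumed policy for this example: elements that execute code or load plugin/
# third-party active content are rejected outright; static markup and images pass.
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
# URL schemes that execute code when placed in href/src/action attributes.
ACTIVE_SCHEMES = ("javascript:", "vbscript:")
URL_ATTRS = {"href", "src", "data", "action"}


class CreativeAuditor(HTMLParser):
    """Collects policy findings while walking an ad creative's HTML."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs):
        attr_map = {name.lower(): (value or "") for name, value in attrs}
        if tag in ACTIVE_TAGS:
            src = attr_map.get("src") or attr_map.get("data") or ""
            self.findings.append(f"<{tag}> element" + (f" loading {src}" if src else ""))
        for name, value in attr_map.items():
            # Inline event handlers (onclick, onload, ...) are scripting too.
            if name.startswith("on"):
                self.findings.append(f"event handler attribute '{name}' on <{tag}>")
            # javascript:/vbscript: URLs run code when followed or loaded.
            if name in URL_ATTRS and value.strip().lower().startswith(ACTIVE_SCHEMES):
                self.findings.append(f"active URL scheme in '{name}' on <{tag}>")
    # HTMLParser routes self-closing tags (<embed ... />) through handle_starttag as well.


def audit_creative(html: str) -> List[str]:
    """Return a list of policy violations found in the creative (empty = clean)."""
    auditor = CreativeAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def is_allowed(html: str) -> bool:
    """True when the creative contains no scripting or active content."""
    return not audit_creative(html)


# Constructed sample creatives (not the ads from the incident).
STATIC_AD = '<a href="http://advertiser.example.invalid/"><img src="banner.gif" alt="ad"></a>'
REMOTE_SCRIPT_AD = (
    '<div><script src="http://adserver.example.invalid/loader.js"></script>'
    '<img src="banner.gif"></div>'
)
HANDLER_AD = '<a href="http://advertiser.example.invalid/" onclick="track()">Click</a>'
SCHEME_AD = '<a href="javascript:void(0)"><img src="banner.gif"></a>'
PLUGIN_AD = '<embed src="http://adserver.example.invalid/ad.swf" />'

if __name__ == "__main__":
    for label, creative in [("static", STATIC_AD), ("remote script", REMOTE_SCRIPT_AD),
                            ("handler", HANDLER_AD), ("scheme", SCHEME_AD), ("plugin", PLUGIN_AD)]:
        print(f"{label}: {'allowed' if is_allowed(creative) else 'rejected'}",
              audit_creative(creative))
```

The value of the check is that it runs before the creative reaches a page, so a third-party `<script src>` is rejected at submission time rather than discovered after users report intrusion alerts; it does not attempt to judge what a remote script would do, which is the right stance since that script can change after review.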

I'm on a Mac. Should I be worried?

Macs may also be affected, if you are running certain older versions of Java (less than version 1.6.0_20). If you are running Mac OS X 10.5 Update 7 or higher, or Mac OS X 10.6 Update 2 or higher, you should be protected from this exploit.

I run a Linux (Ubuntu) system. Is this virus likely to have infected my system if I have a vulnerable version of Java?

Possibly. The vulnerable Linux versions of Java have the same logic error as the Windows versions, but it appears that different attack code would be required to exploit the vulnerability in Linux than in Windows. If that's correct, it seems unlikely that the reported attack would affect Linux systems.

Some technical details can be found here: http://www.exploit-db.com/download/12122

I have a question not addressed here. Who should I talk to?

Please ask via ProZ.com's online support system. The support team is standing by to answer questions related to this incident. As questions come in, they will be added with their answers on this page.




Past incidents: Potentially malicious JavaScript run via banner ads, February 2011 | Breach of private profile data, June 2009