The official site of the Nobel Peace Prize has been compromised through a malicious PHP script, and has been found serving malware by taking advantage of a Firefox zero-day vulnerability.
Mozilla has acknowledged the existence of the flaw, and says that the patch will be out as soon as testing is completed. The vulnerability affects versions 3.5 and 3.6 of the browser, but the script targets only version 3.6. Also, if the user runs Windows Vista, 7, Server 2008 or Server 2008 R2, the exploit will not be triggered. Why the attacker has chosen to limit the reach of the flaw is unknown, says Trend Micro.
The vulnerability allows a "drive-by download" to be executed without the knowledge of the victim, and the downloaded backdoor connects to malicious servers from which the criminals can control the system by sending commands. Currently, those servers are blocked, but more could pop up.
The zero-day vulnerability is not present in the Firefox 4 Beta version, but until testing is finished, Mozilla recommends using add-ons that prevent scripts from running.