Security research firm Purewire found that when visitors tried to log onto a fake authentication page they were served with an error page that took them to a malicious domain where the malware attempted to compromise users’ desktop applications.
Instead of finding out information about the popular animated children’s TV show, the malware was finding out information about the Web site visitors. The attack is just the latest in a string of phishing, hacking and spamming attacks on interactive Web 2.0 sites.
Purewire officials found that the hijacked site shows malicious activity coming from a third-party .info domain. The URL serves exploits that target a variety of software vulnerabilities, including those in Acrobat Reader, AOL Radio AmpX, AOL SuperBuddy and Apple QuickTime.
PBS officials were not immediately available to comment on the attacks or what steps it took to remove the code. By Friday afternoon, the fake authentication prompt on the Curious George site had disappeared.
Purewire said the malicious domain—qxfcuc.info—was registered through eNom, a domain name registrar. The security research firm first stumbled onto the infection Monday after one its customers picked up the malware from the PBS.org site.