August 31, 2011

instantshift.com (Alexa ~5000) was briefly compromised


The site Instantshift.com was compromised on August 28, 2011. It was then quickly fixed.  

InstantShift is a leading design resources community for Web designers and developers. It is worth noting that the compromise of a Web site like instantshift.com may lead to mass compromises, as many other Web site owners may potentially get compromised by accessing this site for design templates, among other resources. At this point, we have detected other Websites compromised with the same injected code. Websense Security Labs will continue to monitor the malicious injections closely and provide protection against them. 

Websense customers are protected from Web-based threats by ACE, our Advanced Classification Engine


Compromise Details



Exploits are sent via the injected iframe. This process happens silently when the attack page is loaded. The exploits are loaded from one of the most prevalent exploit kits today - the Blackhole exploit kit. Any successful exploitation results in the Zeus/Zbot Trojan being installed silently on the user's machine. The malicious contents are currently cleaned up.




Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.

Read more articles by Forcepoint

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.