The Internet just got that little bit more dangerous with the news that a new strain of malware is infesting websites with dodgy JavaScript – and has hit over 40,000 websites so far.
According to an article over on
ComputerWorld quoting Internet security firm
Websense, a large number of websites have fallen prey to the attack – and are attempting to infect the PCs of visitors.
The web resident malware uses JavaScript to redirect visitors to a fake Google Analytics page, which then attempts to make use of vulnerabilities in Internet Explorer and Firefox to install malicious code on systems that visit the site.
This malware is somewhat smarter than average, however: should the automated infection process fail – as would be expected on a fully-patched system – the site displays a warning that the PC is infected with malware which, amazingly enough, the site is able to cure if you would just download a free little program...
The root domain hosting the malicious code is hosted in the Ukraine, favourite hiding place of the criminal gang the Russian Business Network – a group which was thought to have dissolved some months back.
Although the initial infection vector is not known, it's thought that the 40,000 affected hosts were compromised by the traditional method: SQL injection attacks. The sheer volume of websites affected by the attack points to an automated system, rather than targeted attacks by individual crackers.
As usual, the advice is to ensure that you keep your system – and especially your browser – up to date in order to protect yourself from these threats. Firefox users can also make use of the
NoScript addon – although this doesn't protect the gullible from the social engineering aspect of the attack.
Have you noticed any dodgy-looking 'Google' pages trying to convince you to download suspicious software, or is 40,000 infected sites merely a drop in the ocean and nothing to worry about? Share your thoughts over in
the forums.
Want to comment? Please log in.