Tuesday, February 12, 2008

Legitimate websites spreading viruses after being secretly hacked

(CNN) -- Internet researchers were scratching their heads over an attack that targeted some of the most popular sites on the Web with a trojan virus that exploits flaws in Microsoft's Internet Explorer Web browser.
The malware or virus doesn't affect Firefox, though it's probably because only Internet Explorer has all those security problems.

Several websites on the internet ( Web security company ScanSafe has reported a new mass infection of websites, which it claims accounts for 15% of the web traffic the company blocks.) are being targeted by unknown hackers.

They secretly hide a javascript code in the main pages of the website which detects which browser you are using and if it is Internet Explorer, it sends you a virus.

The script looks for various vulnerabilities specific to the visiting OS, and when it finds one pulls a .Mov file from the domain dedicated.abac.net. That in turn invokes a file from bds.invitations.fr, which installs a backdoor on end users' machines. Victims are unlikely to know they've been infected because the installation is clear and seamless, and the malware uses few PC resources. At last check, only three of 33 antivirus programs detected the malware, which appears to be a derivitive of the Rbot Trojan.

The outbreak coincides with another mass infection in progress that's infected tens of thousands of pages, including those of Boston University, security provider Computer Associates, and agencies from the state of Virginia and the city of Cleveland. It infects websites running Microsoft's Internet Information Server web program and the company's SQL database with links the redirect users to servers in China. The malicious sites then try to install keylogging software and other nasties.

Thanks to Mary Landesman of ScanSafe for the initial report on the topic

No comments:

© FunDa of www.FunDaZone.com
Subscribe to these websites at
FunDaZone.Com RSS feed

More tips and tricks for softwares and websites !!!

RSS syndication