Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Web attack primes sites to infect visitors
Published: 2007-11-09

Online fraudsters have compromised a large number of Web sites this week in an ongoing attack that installs hidden iframe components to redirect visitors to sites hosting malicious code.

So far, the attack has compromised hundreds of domains and more than 50,000 Web pages, according to handlers at the SANS Institute's Internet Storm Center. The attackers may be linked to a similar defacement in January that led to the Web site of the Superbowl venue, Dolphin Stadium, being hacked, ISC handler Mark Hofman stated on Friday.

"The good news so far is that the executable being downloaded seems to be detected by most AV (antivirus) products," Hofman wrote.

Two-stage attacks involving defacing Web sites with hidden iframe code, which then redirects visitors to malicious Web sites that infect their computers, have become increasingly common. Infection tools, such as MPack, frequently use the technique. In April, a security firm reported that motherboard maker ASUS's Web site had hosted iframe code that used a flaw in how Microsoft Windows handles animated cursors to infect victims' PCs.

The attack appears to link back to servers in China, according to the SANS Institute. Chinese servers have frequently been used in attacks on consumers, as well as government computers.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus