Slashdot Mirror


10,000-website Strong Malware Maze Created by Criminals

Stony Stevenson passed us an ITnews article about the newest scam in online crime. Some 10,000 web pages have been rigged by IT-minded criminals, with the aim of hijacking unsuspecting PCs. The site reports that the users are redirected through a maze of malware, all with the goal of gaining access to personal user information. "The reprogrammed web pages are probably victims of an automated attack that included scanning the internet for unsecured servers and planting a piece of JavaScript code that redirects to a site in China to serve up the malware. The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer and other applications to break into the PC. A back door also allows the subsequent installation of additional malicious programs. McAfee Avert Labs first spotted the attack on 12 March. 'Of the 10,000 pages that were compromised a number have already been cleaned up,' the firm stated."

9 of 118 comments

  1. Re:Another oblig by LMacG · · Score: 5, Funny

    Or for us older folk:

    You are in a maze of twisty little web pages, all alike.

    --
    Slightly disreputable, albeit gregarious
  2. Re:Including Slashdot? by CRCulver · · Score: 5, Insightful

    In addition to sandboxing, browsers should ship with NoScript or equivalent functionality built-in.

    Most of the sites that most of the average public uses are heavy on JavaScript. A web browser shipped without support for JS by default is not going to win many users.

  3. We should make vbscript the standard... by syntaxeater · · Score: 5, Funny

    ...then we wouldn't be having these problems.

  4. The Question Webmasters Have Is... by ausoleil · · Score: 5, Insightful

    ...how do we check our sites to ensure that this code has not been planted? The article gives no clue at all. It doesn't even identify if it is platform or technology specific, etc. Just that someone else has set up a huge botnet.

    Even sysadmins and webmasters that use best practices and diligently patch, etc. can be gotten because there are always undisclosed holes that are utilized. In fact, were I in that game and I figured out something to defeat security, I would keep it under my ragged black hat and never share that info.

  5. Great Threat Research by metalman · · Score: 5, Insightful

    "Often you hear warnings about not going to untrusted sites," said Craig Schmugar, threat researcher at McAfee Avert Labs... "That is good advice, but it is not enough. Even sites you know and trust can become compromised."

    In the old days it was easy to avoid malicious sites. Now even your neighbor could be the terrorist... err..I mean.. even sites you know and trust can become compromised.

    At least this threat researcher offered a calm analysis with plenty of advice about how to avoid such attacks without recoiling from the web in fear.

    MUST BUY MCAFEE...

  6. It is pitch black. by circletimessquare · · Score: 5, Funny

    You are likely to be eaten by a script kiddie.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  7. NoScript is a no-go by ivan256 · · Score: 5, Insightful

    Why not just disallow redirection and loading of off-domain/off-host data from scripts?

    Disabling scripts entirely disables dangerous behavior, sure... But it also disables lots of desirable functionality that most people want.

  8. can anyone tell me the checksum of the code? by 3seas · · Score: 5, Informative

    I discovered my site had a directory and just under 2500 pages added to it. The directory and file dates are January 9th 08 and every one of the html files has the same script code in it. My research turned up indication of two mass site hacks in January.

    A Google search for threeseas.net/blogger/log/cache/ (cache being the directory that contained the files [past tense]) shows up about 4500 sites pointing to one of the files in that directory. Some of the findings are even SourceForge sites and you can tell they have been hacked as well. In other words there are a lot of hacked sites besides mine.

    I notified Google this morning and my host has already removed the files from my site as the owner and group were set that I couldn't do this myself.

    Anyways, rather than posting the code, a checksum would be better of the code starting with the word "function" to the end of the code.
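
One way to run the check that comments 4 and 8 ask about, as an added example that is not part of any commenter's post: hash each inline script from the word "function" to its end, then list the checksums that match a known-bad value or recur across many pages under a web root. The function names, SHA-256, the whitespace normalization, the file suffixes and the `min_files` threshold are assumptions of this sketch, and the sample pages are constructed placeholders.

```python
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
PAGE_SUFFIXES = {".html", ".htm", ".php"}  # assumption: adjust to your site

def script_checksums(html):
    """SHA-256 of each inline script, from the word 'function' to its end."""
    sums = []
    for body in SCRIPT_RE.findall(html):
        match = re.search(r"\bfunction\b", body)
        if match is None:
            continue  # external or function-free script: nothing to hash
        # Collapse whitespace so re-indented copies hash identically.
        normalized = " ".join(body[match.start():].split())
        sums.append(hashlib.sha256(normalized.encode("utf-8")).hexdigest())
    return sums

def scan(root, known=frozenset(), min_files=3):
    """Map checksum -> files, kept if in `known` or shared by >= min_files."""
    seen = defaultdict(list)
    for path in sorted(Path(root).rglob("*")):
        if path.suffix.lower() not in PAGE_SUFFIXES or not path.is_file():
            continue
        html = path.read_text(encoding="utf-8", errors="replace")
        for digest in set(script_checksums(html)):
            seen[digest].append(str(path))
    return {d: p for d, p in seen.items() if d in known or len(p) >= min_files}

def demo():
    """Scan constructed sample pages (placeholders, not captured content)."""
    planted = "<script>var a=1;\nfunction  placeholder(){ return 1; }</script>"
    reindented = "<script>function placeholder(){\n  return 1; }</script>"
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp, "cache")
        cache.mkdir()
        for i, script in enumerate([reindented, planted, planted]):
            (cache / f"page{i}.html").write_text(f"<html>{script}</html>")
        Path(tmp, "index.html").write_text(
            "<html><script>function menu(){ return 2; }</script></html>")
        hits = scan(tmp)
    return {d: [Path(p).name for p in files] for d, files in hits.items()}

if __name__ == "__main__":
    for digest, files in demo().items():
        print(digest, len(files), files)
```

Legitimate snippets shared across pages (menus, analytics) will also be grouped, so review each group once and pass confirmed-bad checksums as `known` on later scans.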

  9. Save us by DiscoLizard · · Score: 5, Funny

    McAfee Avert Labs described the assault as "one of the largest attacks to date of this kind".

    The attack serves as a reminder that even trusted websites can be malicious, McAfee warned.

    "Often you hear warnings about not going to untrusted sites," said Craig Schmugar, threat researcher at McAfee Avert Labs. "That is good advice, but it is not enough."

    McAfee Avert Labs first spotted the attack on 12 March.



    I wonder who can sell us some sort of software to guide us out of this maze of evil webpages?