Compromised Websites, A Common Threat On Today’s Internet
According to Senior Security Analyst Rik Ferguson from Trend Micro, it is really unfortunate that compromised websites have become a constant companion of today's Internet surfers. Zastita.com reported this on August 3, 2009.
Indeed to establish that his observation is right, Ferguson cites an instance in which the website of a leading music producer in Britain was hijacked during the 4th week of July 2009 and which remained in the state of compromise for two days or so.
Understandably, the website's compromise occurred via a malicious script which diverted visitors onto a domain that researchers such as Ferguson at Trend Micro identified as a familiar medium for infection.
Moreover, Ferguson seized a 'No Script' dialog box with which he demonstrated how the con-artists or hackers and malware distributors compromised the site.
Also, reports about the particular website compromise that Trend Micro released disclose that the hijacked web-pages of the site were identified as HTML_YBLOD.A, which on execution pulled down malware from the net. Nevertheless, the payload that affected a visitor's computer comprised different samples including the malicious programs - BKDR_RUSTOCK.ER, BKDR_RUSTOCK.GM, TROJ_PATCHER.AM, TROJ_TEDROO.E and TROJ_PATCHED.P.
States Trend Micro that even a single one of these programs could sufficiently create problems for users and having just that much malware come via just a single medium proves how severe an attack can be from a hijacked website for both website owners and visitors.
Therefore, eventually the onus of securing websites properly falls chiefly upon webmasters. Consequently, the optimum practices like using hard-to-crack passwords and updating security software are simply a necessity today, Trend Micro researchers conclude.
Meanwhile, with incidences of website compromising, Trend Micro says that people should also be careful when they browse a known authentic website since even such a site too at times could be unsafe. That is, a known authentic site could as well be compromised resulting in the download of malware on a user's PC.
Further with a greater number of Internet users now, Trend Micro specialists advise users to remain more aware of Internet attacks and the type of damages they could do to them while using a website.
Related article: Compromise of Personal Information of UI Employees
» SPAMfighter News - 12-08-2009