Hackers Compromised Media-server.net in Code Injection Campaign
According to Websense's Security Labs, 'media-servers.net', a website of an established Internet media company, has been compromised after attackers recently targeted it in a malicious code injection campaign. The campaign has compromised numerous legitimate websites.
The attack has been under way for many months, Websense said. It first scans websites for security flaws or vulnerable code and, where it finds them, injects malicious iframes that deliver different payloads.
Up to November 9, 2009, the payloads served to users visiting the infected websites comprised exploits for three Microsoft flaws, in Snapshot Viewer, Data Access Components, and DirectShow. Apart from the Microsoft exploits, there are two exploits that target Adobe Acrobat and Adobe Reader, along with heap-based overflow exploits for AOL ConvertFile().
Confirming the incident, Carl Leonard, Websense Security Labs Manager, stated that the attack indeed depended on security flaws in poorly secured websites, as reported by The Tech Herald on November 9, 2009. Leonard added that the attackers hunted for these flaws and then abused them to insert malicious scripts into the websites, so that they could compromise unsuspecting visitors who remained unaware of the drive-by attack.
Standard antivirus products are unlikely to detect the malicious script, according to the researchers at Websense. According to Leonard, only 2 out of 40 antivirus vendors could currently detect the script after it has been downloaded, as reported by ComputerWeekly on November 9, 2009.
Recommending that Internet users deploy effective security software, Leonard stated that users must use real-time protection against the threats from the very outset, to avoid infection and prevent it from spreading. Website administrators must also examine their code and ensure that it is up to date and error free.
Security researchers further stated that such attacks are not new. In March 2008, more than 29,000 websites were hit by a similar injection attack, which targeted Trend Micro and several other legitimate websites. The purpose then was to steal Internet gaming passwords and website credentials.
» SPAMfighter News - 20-11-2009