
132,000 Web Pages Infested with Malware Links

On December 10, 2009, an SQL-injection assault contaminated as many as 132,000 websites as it installed malicious software from 318x.com. Subsequently, the attack planted a backdoor Trojan, Buzus, that featured a rootkit. Buzus is known for stealing financial data such as credit card particulars.

ScanSafe first discovered the attack on November 21, 2009. It then reported on the attack on December 9, 2009, by which time some 125,000 websites had been affected. The report states that the affected sites include knowledgespeak.com, parisattitude.com, and yementimes.com.

The affected sites are hosted in different geographical locations and vary in size. These factors become evident when the iFrame is searched for on Google.

Users who access the infected web pages encounter a hidden link that downloads code from several websites connected to 318x.com. If the host computer contains unpatched versions of Internet Explorer, Adobe Flash or any other Microsoft program, the code exploits them to install malware called Backdoor.Win32.Buzus.croo, said Mary Landesman, Researcher at ScanSafe, as reported by TheRegister on December 10, 2009.

According to Landesman, it appears that a new malware gang is behind these particular SQL-injection assaults. The ScanSafe researcher also states that she isn't quite certain that the gang is adequately accustomed to the method of attack. Though it might be a gang of experienced attackers, this large-scale website assault is their foremost attempt.

ScanSafe states in an advisory that the attack seems to be an ongoing project, since the company has come across the malware code employed during the attacks' final stage. ScanSafe finds that certain code is being changed, and some is being eliminated and new code brought in. Several files are .jpg files, while most have the .js extension.

The security researchers commented that the latest mass website attack was one more instance of sophisticated attacks. Other such advanced attacks produced links in a dynamic way that caused great hindrance to researchers in locating them via online searches. For example, the Gumblar attack, which installed attack codes directly on compromised websites, posed immense problems to white-hat experts in removing the unwanted elements.


» SPAMfighter News - 21-12-2009
