Hacked Websites Increasingly Serving Trojans: Webroot

As said by Andrew Brandt, a security researcher with the security firm Webroot, a wave of cyber attacks has hit numerous websites. The attacks covertly infect unwary visitors with an array of malware variants, as per the news published by infosecurity.com, on April 23, 2010.

He says that the first wave intruded bogus anti-virus code on ill-fated victims, but in the third week of April 2010, the victims who browsed infected websites were forwarded to a drive-by download portal which pushes clickers.

Reportedly, attackers have modified the affected websites to add obfuscated, malicious Javascript code to each page's footer, saying that a few Web hosts are attempting to inform customers or solve the problems.

The list of websites affected by the attacks is global. It includes a car dealership Web site in Indonesia; the English-language page of a government website of Ministry of Women's Affairs; a newspaper in Florida; and the Web site of a Spanish lawyer's association. As of now, the visitors to this increasing list of Web sites continue to get attacked with Trojans.

According to the threat blog posted by the security firm Webroot, the malicious script, in earlier attacks which started on April 5, 2010, directed the victims to a Web page hosting Eleonor exploit kit. This kit makes use of various well-worn methods in an attempt to push executable malware---typically Tacticlol downloader, which is still used by malware distributors to push rogue antivirus software-- at vulnerable browsers, or systems that are running vulnerable versions of the Java Runtime Engine or Adobe Acrobat.

However, the script, during the third week of April 2010, started redirecting the victims to a Web page on yahoo-statistic.com, a website which, regardless of its name, has no concerns with the giant portal. This Web page that loads in an iframe opens up other spiteful websites that trigger the infection.

According to the security experts, cyber criminals can earn huge bucks by signing up as advertising associates, then making use of clickers so as to drive the infected systems to load pay-per-click advertisements. Devious firms may also employ clickers so as to load advertisements from a rival firm. This can prematurely use up pay-per-click ad budget of the victim company.

Related article: Hacked Mall Websites Leave Little Impact on Business

» SPAMfighter News - 5/6/2010