Sophisticated Malware Infects Philadelphia Tribune Website
Sophos, the leading provider of security software, has reported that the Philadelphia Tribune news website has contracted an infection from a malicious program known as 'Mal/Iframe-N.'
In just one night, a number of high-profile websites, one of which is a leading National Hockey League site, were found serving this fresh variant of Mal/Iframe-N. Another important website infected with this malware is that of the United States Treasury.
Sophos explains that this specific Mal/Iframe-N version is treacherous because the malware isn't always visible when the website is accessed. In other words, despite its presence, the infected site may seem uncontaminated. In standard practice, this malware is installed through hijacked access information.
The original version of the malware was spotted in December 2009. It has now appeared in a new incarnation that knows how to evade security software as well as how to hide from some browsers.
Reportedly, this malware version behaves like a dropper. That is, when it runs on a computer and infects it, it implants another malware payload, which further harms the system.
Apparently, the infection now contaminates PCs by using a script tag rather than a simple iframe, which is how it behaved previously. This implies that, rather than appending the malicious "iframe" to the HTML with the help of the 'onload' attribute, it uses the script's "document.write" call to introduce the malware.
This process enables it to remain hidden while a user accesses the website. So, although it continues to be there, it may not reveal itself to the user on every page view, and the user's system can get contaminated without the user knowing, the Sophos researchers disclosed.
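For web admins checking their own pages, the two injection styles described above can be looked for in the served HTML. The following is an added example, not code from Sophos or from the affected sites; the regular expressions are heuristic assumptions and the sample page and its placeholder URL are constructed.

```python
import re
from html.parser import HTMLParser

# Heuristics (assumptions, not Sophos signatures): a script body that calls
# document.write and also mentions an iframe or a run-time string decoder.
DOC_WRITE = re.compile(r"document\s*\.\s*write(?:ln)?\s*\(", re.I)
FRAME_HINT = re.compile(r"iframe|unescape\s*\(|fromCharCode", re.I)

class InjectionScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._script_line = None   # line of the <script> currently open
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script_line, self._buf = self.getpos()[0], []
        elif tag == "iframe" and "onload" in dict(attrs):
            # Older style: a plain iframe carrying an onload handler.
            self.findings.append((self.getpos()[0], "iframe-onload"))

    def handle_data(self, data):
        if self._script_line is not None:
            self._buf.append(data)   # script text can arrive in chunks

    def handle_endtag(self, tag):
        if tag == "script" and self._script_line is not None:
            body = "".join(self._buf)
            # Newer style: the frame only exists after the script runs.
            if DOC_WRITE.search(body) and FRAME_HINT.search(body):
                self.findings.append((self._script_line, "script-document-write"))
            self._script_line = None

def scan(html):
    """Return sorted (line, kind) findings for one page of HTML."""
    parser = InjectionScanner()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)

# Constructed sample page; the URL is a placeholder.
SAMPLE = """<html><body>
<p>Story text</p>
<script>document.write('<iframe src="http://placeholder.invalid/"></iframe>');</script>
<iframe src="http://placeholder.invalid/" onload="init()"></iframe>
<script>document.write(new Date().getFullYear());</script>
</body></html>"""

if __name__ == "__main__": print(scan(SAMPLE))
```

A finding is a prompt for manual review of that line, since legitimate scripts also use document.write; the last script in the sample writes only a year and is not flagged.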
In the meantime, high-profile sites getting contaminated with malware isn't new. In February 2010, a malware attack struck the Star Tribune website. In that attack, the malware crept in through an advertisement.
Hence, to avoid malware infections, specialists advise the use of security software that is kept up to date. As for this latest instance, it is recommended that web admins reset all access data during their clean-up of Mal/Iframe-N.
» SPAMfighter News - 15-05-2010