Bulk Injection Assault Aims at Websites of Bluehost
According to security researchers at Sucuri, a provider of web-integrity monitoring services, a fresh mass-injection attack is targeting websites hosted by BlueHost. The attack has reportedly hit Matt Heaton, the company's CEO, himself: his blog was compromised and left spreading fake anti-virus software (rogueware).
The malicious code embedded in the pages of the hijacked websites is reportedly encoded with base64, an encoding for binary data, which makes it really hard to detect. In its undisguised form, the code is a <script> element that connects to the site domianameat.cc.
This site, which hosts the malicious software, was registered only recently, on June 25, 2010. Among other things, domianameat.cc redirects visitors to http://www3.workfree23.net, which loads the rogueware.
In addition, a directory of .html files named ".files" is created inside the root folder of every compromised blog. An assessment of the page names suggests that these pages are in all probability used for BHSEO (Black Hat Search Engine Optimization).
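One way to check a web root for the two artifacts described above, as an added example that is not code from Sucuri or from the original article: it decodes long base64 runs in page files, reports any that reveal a `<script>` tag, and flags directories named `.files`. The 40-character threshold, the scanned file extensions and the sample payload host `malware.example.invalid` are assumptions constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Base64 runs long enough to hide a <script> tag; the 40-char floor is an assumption.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")
SCRIPT_TAG = re.compile(rb"<script\b[^>]*>", re.IGNORECASE)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}  # assumed page types


def hidden_script_tags(data: bytes) -> list[str]:
    """Return <script> tags that only appear after base64-decoding runs in data."""
    tags = []
    for run in B64_RUN.findall(data):
        core = run.rstrip(b"=")
        core += b"=" * (-len(core) % 4)  # re-pad so decoding is well-formed
        try:
            decoded = base64.b64decode(core, validate=True)
        except ValueError:  # binascii.Error: not real base64 (e.g. a long identifier)
            continue
        tags += [m.decode("latin-1") for m in SCRIPT_TAG.findall(decoded)]
    return tags


def scan_webroot(root: str) -> list[tuple[str, str]]:
    """Walk root; report '.files' directories and pages hiding encoded scripts."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_dir() and path.name == ".files":
            findings.append((rel, "unexpected .files directory"))
        elif path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            for tag in hidden_script_tags(path.read_bytes()):
                findings.append((rel, f"base64-hidden {tag}"))
    return findings


def demo() -> list[tuple[str, str]]:
    """Build a constructed sample web root offline and scan it."""
    with tempfile.TemporaryDirectory() as root:
        payload = b'<script src="http://malware.example.invalid/js.php"></script>'
        blob = base64.b64encode(payload).decode()
        Path(root, "index.php").write_text(f'<?php $s = "{blob}"; ?><p>blog</p>')
        Path(root, ".files").mkdir()
        return scan_webroot(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit from `scan_webroot` is a lead for manual review, not a verdict: legitimate pages can also carry base64 data, and an empty result does not show that a site is clean.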
Sucuri's researchers, after examining a few of the websites, reported that all of them were hijacked between 9am and 10am on June 27, 2010.
Furthermore, the researchers stated that they were investigating the new attack, particularly to find out its scale.
According to them, the attack closely resembles the one that recently hit GoDaddy. In GoDaddy's case, the injected code downloaded more malicious scripts from indesignstudioinfo.com and zettapetta.com. Visitors to those sites were subsequently redirected to a scareware site that displayed a bogus virus scan. 24 of the 41 anti-virus engines on VirusTotal could detect the FAKEAV spread through the attack.
Meanwhile, to stay safe from malware purveyors, security specialists offer some tips. First, end-users must make sure their software is up to date, as most of these attacks exploit software bugs. Up-to-date anti-virus software, if installed, can spot and clean the malicious code off the PC.
In addition, more tech-savvy users may prefer browsing with Firefox and the NoScript plug-in, as that will prevent the malicious code from executing on their PCs.
» SPAMfighter News - 16-07-2010