Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Cyber-criminals hack US Media Websites for Redirection Assaults

According to security experts, cyber-crooks recently compromised websites belonging to popular U.S. media companies and used them for diverting visitors onto malware-serving sites, published softpedia.com, May 7, 2013.

Also, as per these experts, the hijacked websites comprise URLs of Federal News Radio, WTOP Radio, Real Clear Science, The Christian Post, Real Clear Policy, one picture aggregator, one well-known scuba diving organization, and more, all Washington-based.

The cyber-criminals inserted an obfuscated JavaScript inside the websites to unleash an iFrame, which diverted end-users onto a ZeroAccess Trojan-delivering website or another serving bogus anti-virus. Investigators at Zscaler a security company theoretically assume that they possibly relate with certain common backend ambience.

Zscaler elaborates that assaults targeting consumers normally rely on social engineering
tricks following which potential victims most necessarily should be persuaded towards accessing certain website, taking down certain file, and so on. Consequently, the assaulters will create one script that'll thoroughly search the Web while seeking well-known websites having an identical vulnerability as also whilst detected, insert malware inside such sites. Like this, anybody accessing the lawful website that has been contaminated may turn into a victim, the company explains. Help Net Security published this, May 7, 2013.

Zscaler further states there's another identical feature about the assaults, i.e. the compromised websites receive the hosting service of robust Domain Name System (DNS)providers as also that the diversion assaults start off solely when detection occurs of potential victims browsing through Internet Explorer. For any other Web-browser, the assaults don't happen.

Remarking about these assaults, Security Engineer Eddie Mitchell at Invincea another security firm stated that compromises similar to those were especially hard for detecting. More assaults, which might attempt at enticing end-users onto fake sites, could get easily eschewed via ordinary anti-malware. However, by attacking websites, which people believed as also accessed habitually, the attackers had an improved opportunity towards bypassing those defenses. Washingtonpost.com reported this, May 7, 2013.

Moreover, according to Mitchell, considering how immensely miscreants concentrated on WordPress since long while trying to compromise lawful URLs so as to divert web-traffic onto malicious pages, the above assaults weren't any surprise. Threatpost.com reported this, May 7, 2013.

ยป SPAMfighter News - 5/14/2013

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page