A large number of websites not related to each other have malicious scripts that tend to infect computers when the sites are open on their browsers. The contaminated malware attempts to exploits known flaws in Windows to download and install keylogger and backdoor trojans on the system, according to warnings of security experts.
Marcus Sachs, director of the SANS Internet Storm Center posted a list of nearly 50 sites on a blog on February 4, 2007 that include in them the malicious script.
Sachs compiled a list of domains that facilitated site hacking and had connections with the same attack. Many of the domains host sites on medical care. While many of them have been cleaned and some even withdrawn Sachs and his associates think the attack could still be vibrant somewhere.
At least 50 websites became victims to the attack. However, all those sophisticated sites were rectified and restored and they no longer exposed visitors to risk, said Johannes Ullrich, chief research officer of SANS ISC.
SANS ISC is investigating what helped compromise of so many websites. The organization is on top job to find out if an un-patched version of Microsoft's Internet Information Server (IIS) software was running in each of the sites that enabled their compromise. Ullrich said there could be other factors as well such as some common content management system installed on the servers.
» SPAMfighter News - 13-02-2007