Websites Hosting Malware Increase to 66,000 & Still Rising
In November 2007, the number of Websites infected with malware rose to a staggering 66,000, and the count continues to grow, although most anti-virus solutions are capable of detecting the malicious programs. A major source of all these applications has been the malicious yl18.net script. The number of Websites that the script has infected has also doubled, says SANS Internet Storm Institute's Mark Hofman. Ars Technica reported this on November 12, 2007.
Hofman further thinks that the script is the same malware that emerged from the infection in the Super Bowl in early 2007 and struck nearly 200,000 Websites. After a bit of research, Hofman discovered that the February infection originated from several of the same servers that are operating this time too, including Zj5173.com and 137wg.com. The February malicious script used SQL injection to hack sites, change their contents and compel visitors to download executable files. SANS has observed the same style of activity this time too.
Attacks that are launched in two stages, using concealed iframe code to deface Websites and then lead visitors to malware-hosting Websites where their computers get infected, have become too common. MPack, the malware development tool, often applies this technique. In April this year (2007), a security company reported that the Website of ASUS (which makes motherboards) had iframe code present on its pages that exploited a vulnerability in the way Microsoft Windows handles animated cursors to drop infectious malware on victims' computers.
The iframe attack seems to have a connection with Chinese servers, according to the SANS Institute. These servers are frequently used to launch attacks on government as well as consumer PCs. Not only small sites but larger ones too have been vulnerable to malware. Recently, the Indian news site IndiaTimes started to download malware onto its visitors' computers, Mary Landesman, Security Researcher at ScanSafe, wrote on the firm's blog. Ars Technica reported this on November 12, 2007.
The selection of old vulnerabilities suggests that the attacks may have been carried out with the Metasploit Framework. Successful exploitation leads to massive malware downloads, Landesman added.
» SPAMfighter News - 23-11-2007