Blogger Uncovers Sophisticated Malware Attack Involving Webhost IPower
A blogger who writes about having multiple sex partners, kink and many other topics has discovered a sophisticated attack that installs malicious code on users' systems by compromising a large number of websites maintained by a big webhost.
US-based webhost IPower, which was involved in an earlier large-scale breach, was once again at the center of a hacking incident in which thousands of websites redirected traffic to sites that install malware.
Back in May, researchers at StopBadware.org noticed that IPower hosted 10,834 sites listed on the Stop Badware Index, which covers sites that Google and its partners have detected as containing code capable of damaging a user's system.
The number of malicious sites IPower hosted suggests a systematic compromise of IPowerWeb that let hackers install their hostile code, with a fair chance that a 'cpanel' bug was exploited for the purpose. IPowerWeb runs cpanel on at least some of its servers.
Thomas Gorny, CEO of IPowerWeb, said via e-mail that the problem was fixed, but some IPower-hosted websites were still redirecting traffic to malicious sites. The Register reported this on December 14, 2007.
According to blogger Franklin Veaux, the thousands of hacked websites ranged from a Chinese-language forum to the reelection website of a Californian councilman. The Register published this on December 14, 2007.
The crooks injected HTML code into each of the compromised sites, loaded with terms like 'polyamory' and similar hot keywords, in an attempt to attract the attention of Google's page-ranking algorithms. On clicking the search hit, Google users were driven to the exploit sites.
The drive-by sites tried to hose visitors' systems with a number of known exploits. If the exploits didn't work, the sites enticed the visitors into downloading a dangerous Trojan, Veaux said.
In the meantime, IPowerWeb's new customers have started a campaign to boycott the webhost. The clients have filed a lawsuit against the company over financial losses they incurred as a result of business interruptions when IPower moved to a new hosting platform and servers.
» SPAMfighter News - 29-12-2007