Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Legitimate Websites becoming Popular Targets for Hackers

A large number of websites mostly under the operation of small firms in the UK were found infecting visitors with malicious JavaScript and observed deploying various stealth and anti-detection techniques to prevent security researchers from finding the attack details. Such were the observations by Web security firm, ScanSafe.

Security researchers with ScanSafe said that genuine websites that steadily generate streams of unsuspecting requests from surfers are increasingly becoming targets for malicious hackers, with frighteningly frequent cases of compromises. The websites demonstrate characteristics of underhand ploys of attacks when a user accesses them. These sites cause infection to visitors by using a JavaScript code that is randomly generated and which changes its name every time a person accesses the website.

While some of the hacks relate to message defacements exhibiting personal boasts, others largely display political and ideological messages. Cyber criminals today know very well about the existing vulnerabilities in websites and so they appropriately inject their malware for hijacking victims' system and stealing data from them.

These attacks implant hidden JavaScript or iFrames into flawed web pages, taking advantage of the vulnerabilities to quietly install trojans and backdoors on the PCs of the visitor on the website.

The recent types of compromised websites use a wide range of unusual techniques. The infected pages serve a JavaScript-coded file, which hunts for flaws in the visitor's operating system in order to implant malware. The malicious JavaScript is stored in a .js file, which surprisingly lies on the same hacked server, rather than on the remotely located dedicated server to which the hacked sites redirect traffic.

Senior Security Researcher of ScanSafe, Mary Landesman, said that these kind of attacks usually inject a code into the web pages where it remains static. The JavaScript created here and referred to is dynamically generated. Computerworld published Landesman's statement on January 14, 2008.

Apart from making identification of the malicious sites very difficult, the mechanism also bewilders security researchers who are unable to figure out the hacking method that is not a common redirection type, rather one that requires higher access privileges to the web servers.

Related article: Legitimate Websites Increasingly Used for Malware Attacks

ยป SPAMfighter News - 23-01-2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next