Hackers Use Antivirus Website to Launch Virus
AvSoft Technologies, an antivirus vendor in India, suffered a hacking attack when its Website was compromised in the second week of February 2008. While it is not known how the malicious code reached the Website, news of the compromise first appeared on the Full Disclosure security discussion list on February 7, 2008.
Roger Thompson, Chief Research Officer at security provider AVG (formerly named Grisoft), observed that the malware was being hosted in the download section of AvSoft's Website.
According to the research officers, the attackers placed a hidden iFrame in the page, which silently redirected the visitor's browser to a different server. That Internet-connected system then delivered exploit code to install harmful software onto the visitor's computer. The malicious software is a virus called Virut.
Roger Thompson explained that in the current attack, the Virut virus, when run for the first time, first infects all the programs on the user's hard drives and then starts hitting the network drives too, InfoWorld reported on February 7, 2008.
The team of security researchers is somewhat relieved because the malicious code used to plant Virut exploits only well-known bugs, implying that properly patched computers running antivirus software would probably not be infected as a result of the attack.
The team also noted that the technique used to hack the Website had been observed in numerous similar hacks over the past few months (i.e., the last months of 2007 and early 2008).
According to Dave Marcus, Security Research Manager at McAfee, hackers compromised the site by exploiting an error in Web programming, possibly in the PHP or SQL code of the site. Security researchers have also found that criminals have written automated programs that hunt for such flaws on the Web and then infect sites, a problem that is becoming increasingly common.
» SPAMfighter News - 19-02-2008