Hackers Target Legitimate Websites to Host Malware

According to a new report that MessageLabs Intelligence of Symantec released on May 12, 2009, the belief that the majority of web-borne malicious programs are found on fly-by-night websites is no longer a valid supposition. Instead, it is expected that cyber criminals will furtively lurking on authorized websites, which they have compromised.

From the data gathered during the 2nd week of May 2009, researchers at MessageLabs indicated that 84% of domains deceptively used for hosting malware were website domains that had been established legally and were more than 12 months old, whereas 15.4% of such domains were not that old. Furthermore, 10.2% of sites were less than 30 days old, while 3.1% were not even seven days old.

Paul Wood, Senior Analyst of MessageLabs Intelligence, Symantec, says that it is greatly possible that longer lasting websites are authorized sites, whereas those that have been around for only seven days or still fewer are temporary sites created chiefly to distribute malware, as reported by WebProNews on May 12, 2009.

Some security specialists also state that cyber criminals could block legitimate websites via SQL injections where malware is pushed inside strings that the manipulator later transmits to an SQL server to be parsed and executed.

Besides this, hackers could compromise legitimate sites through XSS (cross-site scripting) attacks. The latest and rather scary instances come from Google where an XSS security flaw was found around the middle of April 2009, affecting various Google services such as Google Documents, Analytics, Gmail and iGoogle.

The vulnerability involved the Support Python Script of Google that allowed attackers to illegally grab session cookies. Since there is only one sign-on cookie that Google.com utilizes for the whole range of its personalized services, a hacker may not find it difficult to access users' documents, analytics, website code, e-mails and contacts that the user might have saved on Google servers.

Hence, Symantec's security researchers urge people to take additional care and realize that hackers could compromise even those sites, which they think are familiar and trustworthy, while businesses must try to take the malicious sites offline.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 5/22/2009