Thousands of Webpages Compromised

As per the news published by The Register on June 9, 2010, over 100,000 webpages, belonging to police departments, newspapers and several other large organizations, have been attacked by cyber criminals over the last few days in an attempt to divert visitors to a maliciously crafted website. The website tries to install malware on the users' PCs.

The website of the police department for the UK county of Strathclyde, wsj.com of The Wall Street Journal and tomtom.com.tw are among the leading websites hacked. In addition to these, Intljobs.org and Servicewomen.org have also been hacked. According to the estimates by the security experts, total number of hacked websites range from 7,000 to 114,000.

Moreover, on June 8, 2010, in excess of 100,000 webpages were found infected in Google searches.

David Dede, head of malware research at security firm Sucuri, said that it appears that the websites running a banner-ad component on the top of Internet Information Services of Microsoft using ASP.net have been affected by this mass compromise, reported The Register on June 9, 2010.

ScanSafe, Web-tracking division of Cisco Systems, began tracking the incident two days back, stated Mary Landesman, Cisco's senior security researcher, as per the news published by ComputerWorld on June 9, 2010.

The hackers somehow planted malicious HTML codes on the compromised websites that diverted users to a malicious server, which, in turn, tried to implant malicious software on the computers of web visitors. The installed software provided criminals with the remote access to the affected PCs.

The criminals planted iframes in hacked sites using the exploit, which diverted visitors to robint.us site. Malicious javascript on this website served visitors with malware called Mal/Behav-290, as per the anti-virus firm Sophos.

Nevertheless, robint.us has been disabled due to the immense efforts carried out by the volunteer security group Shadowserver Foundation. This action will allow the researchers of Shadowserver to identify all the compromised sites as well as to collect additional details on how the mass assault was conducted, said Andre' M. Di Mino, as per the news published by The Register on June 9, 2010.

The security experts said that although these mass attacks targeting websites have become comparatively more prevalent in last three years, the latest incident seems to be the worst since April 2010 when a number of Wordpress websites were compromised.

Related article: Thousands of Aussie Internauts could get Disconnected from the Net

» SPAMfighter News - 6/17/2010