ZDNet Informative - Be Careful Out There: 20,000 sites hit with drive-by attack code.

Review by 36356 on 2009-06-03
Hackers have broken into more than 20,000 legitimate Web sites to plant malicious code to be used in drive-by malware attacks.

According to a warning from Websense Security Labs, the sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site.

The company discovered that the active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com).

This is unrelated to the Gumblar attack, Websense said.

This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.

The exploit site has been seeded with several different attacks targeting unpatched software vulnerabilities. The malware that gets loaded on compromised Windows machines is linked to scareware/rogueware (fake security applications).

Malware purveyors have increasingly turned to legitimate Web sites to launch attacks, using SQL injection techniques to compromise and hijack high-traffic sites.

According to data from MessageLabs, about 85 percent of Web sites blocked for hosting malicious content were ‘well-established’ domains that have been around for a year or more.
Comments:11 Replies - Latest reply on 2009-06-04
Posted by saj80 on 2009-06-03:
My netbook is in the repair shop, as we speak, getting reformatted because of a trojan virus that mirrored this exact problem.
Posted by MSCANTBEWRONG on 2009-06-03:
Thanks Super. VH
Posted by Anonymous on 2009-06-03:
Thanks, Supes! (VH)
Posted by Anonymous on 2009-06-03:
I hate hackers... step out of your mother's basement and get ready to be issued a beatdown!
Posted by Anonymous on 2009-06-03:
I agree TW, when they catch them they should revert back to the witch burning days in Salem Mass.
Posted by MRM on 2009-06-03:
Thanks for the heads up! Saj, firewall is your best defense!
Posted by Pepper on 2009-06-03:
and don't forget...

if you have a router, put a password on it.

even if it's not a wireless... if someone knows your IP and knows the default router password they can still do stuff to your system
Posted by Anonymous on 2009-06-03:
Excellent point Pepper. I read that something like 80% of home users leave the admin password at the default. And just as many wireless users never bother to set up user encryption.
Posted by BokiBean on 2009-06-04:
Nice info, super! I had heard nothing about this!
Posted by saj80 on 2009-06-04:
MRM, I had my Windows firewall activated, as well as an "independent" virus/firewall program, and it still got into my computer. Very frustrating! If someone knows a good antivirus program, please let me know (not Norton or McAfee, as I believe they are "too big to fail").
Posted by Anonymous on 2009-06-04:
SB, although I totally agree with your sentiment, I would like to point out that no witch was ever burned in Salem. A number of people were imprisoned, and one man (Giles Corey, who refused to enter a plea) was pressed (crushed to death).

Salem is a great place to visit, if you ever get the chance.
