'Beladen' web attack has infected 40,000 websites
Tuesday, June 2, 2009
A web security firm has identified roughly 40,000 legitimate websites that cybercriminals have hacked to redirect visitors to an exploit site called Beladen. Similar to the Gumblar attacks, the hacked websites point to a domain where visitors are infected with malware.
Beladen and Gumblar now appear to mark a new trend - mass compromises of websites that convert them into a type of botnet of infected sites, rather than botnets of hacked PCs, security experts said.
The Beladen domain attempts to infect PCs through older, vulnerable browser versions and third-party applications like QuickTime and Winzip.
Security vendor Websense warned on its blog last week that Beladen had compromised about 20,000 websites, a number which has since doubled in size.
The hacked sites have been injected with malicious, obfuscated code that leads to a site which uses a similar domain name to the legitimate Google Analytics domain, which records the user's browsing statistics for the attacker, researchers said.
That site then redirects users to Beladen, where the malware is uploaded.
"Following the recent Gumblar attack, we know that mass injections are nothing new, but these are becoming more popular and more common," a Websense researcher wrote in a blog Monday.
Related News:
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010
The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.
|
