'Nine-Ball' mass compromise infects 40,000 sites
Thursday, June 18, 2009
Cybercriminals compromised roughly 40,000 legitimate websites in a multi-level redirection attack that takes unsuspecting users to a website called Nine-Ball. Visitors to that site have their PCs infected with malware, web security researchers said.
Similar to recent mass compromise attacks called Beladen and Gumblar, Nine-Ball infects legitimate websites with obfuscated code that redirects site visitors to a series of sites before landing on a final page where a Trojan is downloaded on the user's PC, according to Websense security researchers.
Websense said on its security blog Tuesday that the final landing page, called Nine-Ball, records the visitor's IP address. When visited for the first time, the user is directed to the Nine-Ball site. But when visited again from the same IP address, the user is directed to the benign site of ask.com.
The malicious code attempts to exploit security holes in Acrobat Reader and QuickTime and a malicious file is dropped onto the PC to steal user information.
Stephan Chanette, director of web security research at Websense, said the compromised websites were "sleeping" until Monday, when the attacks went live, according to SCmagazineUS.com.
Chanette said that none of the 40,000 sites infected so far are well-known brands.
"Attackers are going after quantity and not quality," Chanette told SCmagazineUS.com. "If they go after big name websites, they are shut down faster."
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
