Viruses/Worms News

'Nine-Ball' mass compromise infects 40,000 sites

Thursday, June 18, 2009

Cybercriminals compromised roughly 40,000 legitimate websites in a multi-level redirection attack that takes unsuspecting users to a website called Nine-Ball. Visitors to that site have their PCs infected with malware, web security researchers said.

Similar to recent mass compromise attacks called Beladen and Gumblar, Nine-Ball infects legitimate websites with obfuscated code that redirects site visitors to a series of sites before landing on a final page where a Trojan is downloaded on the user's PC, according to Websense security researchers.

Websense said on its security blog Tuesday that the final landing page, called Nine-Ball, records the visitor's IP address. When visited for the first time, the user is directed to the Nine-Ball site. But when visited again from the same IP address, the user is directed to the benign site of ask.com.

The malicious code attempts to exploit security holes in Acrobat Reader and QuickTime and a malicious file is dropped onto the PC to steal user information.

Stephan Chanette, director of web security research at Websense, said the compromised websites were "sleeping" until Monday, when the attacks went live, according to SCmagazineUS.com.

Chanette said that none of the 40,000 sites infected so far are well-known brands.

"Attackers are going after quantity and not quality," Chanette told SCmagazineUS.com. "If they go after big name websites, they are shut down faster."
ADNFCR-1765-ID-19225366-ADNFCR

Related News:

Researchers: Malware attackers reloading for Windows 7 assaults - 11.20.2009
A report issued yesterday by computer security firm Symantec says that hackers are undoubtedly reworking their malicious software to target Windows 7 as more users switch to the latest version of Microsoft's flagship OS.

Want to secure your iPhone against intruders? There's an app for that - 11.20.2009
Cisco Systems today released a free iPhone app that will allow users to receive security updates and the latest news on web threats, as well as aggregating additional security related content for iPhone users.

Microsoft says 64-bit versions of Windows are harder to infect - 11.19.2009
Members of Microsoft's security team write that 64-bit editions of Windows are much less susceptible to malware attacks, but outside experts caution that 64-bit malware could be the next big thing in cyber crime.

Google coming down hard on malicious advertisers - 11.18.2009
Search giant Google has said that it will lay down the law where scam artists and malvertisers are concerned: Permanent bans will be the result of any fraudulent activity on the company's AdWords service.

If at first you don't succeed: Most malware protection fails first round of certification testing - 11.17.2009
A study performed by security testing and research firm ICSA Labs says that almost four out of five computer security products fail their first certification tests and need to be retooled for a second and sometimes a third attempt.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now