The Register reports on a large scale outbreak of malicious attacks originating from several hundred sites.
Over the past four days, 15 per cent of the blocked malicious traffic has come from just a few hundred sites, which appear to be legitimate ecommerce destinations that have been compromised by attackers. This prompted Landesman to do some digging, and what she uncovered is unlike anything she’s seen before.
For one thing, the sites themselves are hosting the malware, which is then foisted on visitors. Most of the time attackers are unable to gain such a high degree of control over the sites they hack, so they redirect end users to servers under the control of bad guys and use them to drop malicious payloads.
The sites are hosted on different servers, and no direct link has been found between them. Researchers have found the Trojan spewed by the sites to be of a Rbot type with only three anti-viruses being able to detect it (Kaspersky is one among them).
Stay on top of the latest tech news
Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!