Exploits that caused more than 10,000 Web sites to spew malware were orchestrated by a single gang.

An excerpt from PC World:

The latest problems show that the power of this particular hacking gang appears to be growing since it was identified early last year. At that time, Finjan said it found a number of Web servers that had been hacked in order to serve malicious code to visitors. The attackers used several methods to hide their tracks and infect a maximum number of PCs.

The fact that it affected an online advertising company extrapolated the exploit and has lead to malicious ad banners being served on legitimate sites.

Some key things to note about the exploit are:

  • The code is served only once to an IP
  • Serving legitimate content to known IPs, thus avoiding detection from search engine crawlers
  • The malicious JavaScript files are randomly generated and don’t persist on a site

The attacks target several vulnerabilities to install malware on Web servers. The suggested mechanism to prevent infection is browser-based plug-ins. Services such as AVG’s LinkScanner, McAfee’s SiteAdvisor, and Finjin’s SecureBrowser are recommended.


Mom & Pop Sites Hit Hard by Host Compromise (ScanSafe)