Malware on Web sites (continued)
The wide-spread infection of Web sites continues. Information Week reports:
On Friday, U.S. CERT issued a warning about SQL injection attacks that have compromised a large number of legitimate Web sites. Affected Web sites contain injected JavaScript that attempts to exploit several known vulnerabilities. U.S. CERT recommends disabling JavaScript and ActiveX.
Because otherwise legitimate Web sites deliver this attack, SAN Internet Storm Center handler Donald Smith observes that the concept of a “trusted” or “legitimate” site is no longer meaningful. The attack has reportedly affected the Web sites of the United Nations and the U.S. Department of Homeland Security, to name a few.
On Thursday, computer security firm F-Secure said that it had found the offending JavaScript code on over half a million Web pages. The company said that IT administrators should immediately block nmidahena.com, aspder.com, and nihaorr1.com, three domains associated with the injection attack.
Google (NSDQ: GOOG) may have taken some action to remove some of the affected pages from its index. A Google search for a text string associated with the malicious JavaScipt now yields only 56,700 results. A screenshot of what is presumably a similar Google search — the exact string is blurred — performed by F-Secure last week shows 510,000 results.
A search using the same text string on Microsoft’s Live Search returns 268,000 results. Yahoo Search returns 560,000 results for the text string in question.
If disabling JavaScript seems too drastic, at least watch out for Web sites that use pages created by Microsoft servers. They have the extension ASP or ASPX. This particular infection is presumably not in pages with ordinary HTML or with PHP extensions.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.