10,000 Web pages rigged by cybercriminals to hijack PCs of unsuspecting Web surfers 
(18/03/2008)
In one of the largest attacks to date of this kind, over 10,000 Web pages have been rigged by cybercriminals to hijack PCs of unsuspecting Web surfers.
The Web pages have all been modified with code that silently redirects visitors to another Web site laden with a malware cocktail that attempts to break into the user's PC. The redirect and the attempted break-ins all happen unbeknownst to the Web surfer.
Compromised Web pages include pages on everyday Web sites such as travel sites, government Web sites and hobbyist sites. The attack serves as a reminder that even trusted Web sites could be malicious.
"Often you hear warnings about not going to un-trusted sites," said Craig Schmugar, threat researcher at McAfee Avert Labs. "That is good advice, but it is not enough. Even sites you know can become compromised. You went to a place before that you trust, but that trust was violated through a vulnerability that was exploited."
Hackers reprogrammed the Web pages in an automated attack that included scanning the Internet for unsecured servers and subsequently planting a piece of JavaScript code that redirects to a site in China to serve up the malware. The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer and other applications to break into the PC.
The malware that's ultimately planted tries to steal passwords to online games. A back door also allows the subsequent installation of additional malicious programs. Cybercrooks have increasingly been targeting online gamers as items in virtual worlds and characters in games have now got monetary value in the physical world.
McAfee Avert Labs first spotted this attack last weeek. Of the 10,000 pages that were compromised a number has already been cleaned up. A single entity is likely behind this attack, since the malicious code on all these pages was served up from the same server in China.
Related topics: Hacking and intrusion prevention
Print version | 
Email to a friend | 
Related articles
Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.
Other Security news and resources
Security News
Suppliers Directory
Jobs forum
Classifieds
Knowledge base
White papers
Research library
Security books
Special reports
Security interviews
Security companies
Security events
Security links
Security market
Product channels
Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products
IT Security white papers and research library
Access Control Authentication Data Management Data Security Digital Signatures Email Security Identity Management Internet Security Intrusion Prevention Network Security Remote access security Security Management Security Policies Security Software Security Threats Virus Detection Software Virus Protection VPN Vulnerability Assessment Wireless Security
Security books, guides, standards and toolkits
RFID and Smart Cards books, guides and reference documents Biometric books, guides and reference documents CCTV books, guides and reference documents Intruder alarms and intrusion detection systems books, guides and reference documents Monitoring and surveillance books, guides and reference documents IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits Fire, Health & Safety books, guides and reference documents
