Large numbers of legitimate websites, including some owned by the United Nations, are being hacked to serve up malware to unwitting visitors. Security companies raised an alarm based on the dramatic increase in attacks this week. There doesn't appear to be a single vulnerability, though many of the recent attacks are exploiting a known SQL Injection hole. Others attribute some of the attacks to a vulnerability with Microsoft's Internet Information Services (IIS) product.
Although it may not be clear how attackers are compromising such large numbers of Web sites, what happens after a site is infected is well understood, researchers have said. When a visitor reaches one of the hacked sites, malicious JavaScript loads an IFrame from a malware-hosting server and the IFrame redirects the browser to a different page, also hosted on the hacker's server. Next, a multiple-strike attack kit is downloaded to the visitor's PC. The kit tries eight different exploits, and if it finds one that works, it hijacks the system.
[H]ard|OCP - www.hardocp.com
[H]ard|OCP - www.hardocp.com
