[ISN] Hackers Compromise 40,000 Web Sites

From: InfoSec News <alerts_at_private>
Date: Tue, 2 Jun 2009 02:25:56 -0500 (CDT)
http://www.eweekeurope.co.uk/news/hackers-compromise-40-000-web-sites-1029

By Brian Prince
eWEEK Europe
6.2.2009

Security researchers at Websense say the tactics are reminiscent of the 
notorious RBN group

Researchers at Websense are reporting a mass compromise that may have 
affected as many as 40,000 Websites.

Although Websense would not name any of the compromised sites, 
researchers said the victims did not include any "big-name government or 
business sites." The compromised sites are redirecting users to 
typo-squatted misspellings of legitimate Google Analytics domains. From 
there, users are redirected to the malicious Beladen.net site.

"The Google Analytics site serves as a statistics keeper, and the 
Beladen site is used to host the exploits," said Stephan Chenette, 
manager of security research for Websense Security Labs. "It analyses 
the end-user PC and attempts to exploit several different unpatched 
vulnerabilities … If none of the unpatched vulnerabilities exist, it 
delivers a popup claiming that the PC is infected in an attempt to trick 
the user into installing rogue anti-virus software."

According to Websense, the Beladen site is stacked with multiple types 
of malware—as many as 15 to 20 different exploits targeting various 
vulnerabilities.

Just how the legitimate Websites are being compromised is unclear, 
though Websense researchers speculate that it is a SQL injection issue.

[...]


_____________________________________________
Visit the InfoSec News security bookstore!
http://www.shopinfosecnews.org 
Received on Tue Jun 02 2009 - 00:25:56 PDT

This archive was generated by hypermail 2.2.0 : Tue Jun 02 2009 - 00:29:37 PDT