Security researchers are raising the alarm about a potent malware cocktail: backdoor Trojans and password stealers are being pushed to Windows users from about 55,000 hacked Web sites.
According to Mary Landesman, a researcher in ScanSafe's security threat alert team, the cybercriminals have embedded a malicious iFrame into tens of thousands of Web sites to fire exploits at unsuspecting PC users who surf to one of the rigged sites.
The iFrame points to an intermediary exploit site, which in turn loads additional exploits and malware from up to seven different malware domains, Landesman said.
She ran a Google search on the iframe script tag and found it embedded on about 54,900 sites, many of them legitimate online destinations.
Victim sites include www.feedzilla.com, latindiscover.com, and a number of charitable and nursing facilities, including howellcarecenter.com, sweetgrassvillagealf.com, www.foodsresourcebank.org, and morningsideassistedliving.com.
At the time of writing this blog post, the number of hacked sites listed in Google results climbed to 56,000.
It is not yet clear which vulnerabilities are being exploited in this attack but, judging from recent history, end users should ensure that operating system and desktop software programs are fully patched.
The most common programs under attack include Adobe Flash, Adobe PDF Reader, Apple's QuickTime, WinZip and RealPlayer. In addition to Microsoft Windows patches, these desktop applications should be updated to the newest version immediately.
If you run a website, I would suggest you do a file search for the aforementioned code and make sure your site has not been hacked, especially if you use third-party scripts that may be vulnerable.
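One way to run that file search across a web root, as an added example that is not part of the original post: because the injected tag is not reproduced here, the script flags any iframe that loads from a host you have not listed or that is sized or styled to be invisible. The function names, the extension list and the sample hostnames in the usage comment are assumptions.

```python
import os
import re
import sys
from urllib.parse import urlparse

# Assumption: the injected tag is not shown on the page, so flag off-site or invisible iframes.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
SCAN_EXT = {".html", ".htm", ".php", ".js", ".asp", ".aspx", ".tpl", ".inc"}

def parse_attrs(tag):
    """Map lowercased attribute names to values, tolerating backslash-escaped quotes in JS strings."""
    return {m.group(1).lower(): m.group(2).strip("\\\"'") for m in ATTR_RE.finditer(tag)}

def check_tag(tag, allowed_hosts):
    """Return the reasons an <iframe> tag looks injected (empty list if none)."""
    attrs, reasons = parse_attrs(tag), []
    try:
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
    except ValueError:  # malformed URL in src: report it rather than skip it
        host = "unparseable"
    if host and host not in allowed_hosts:
        reasons.append("off-site src: " + host)
    tiny = {"0", "1", "0px", "1px"}
    if attrs.get("width") in tiny or attrs.get("height") in tiny or HIDDEN_RE.search(attrs.get("style", "")):
        reasons.append("hidden frame")
    return reasons

def scan_text(text, allowed_hosts):
    """Yield (line_number, tag, reasons) for every suspicious iframe in text."""
    for m in IFRAME_RE.finditer(text):
        reasons = check_tag(m.group(0), allowed_hosts)
        if reasons:
            yield text.count("\n", 0, m.start()) + 1, m.group(0), reasons

def scan_tree(root, allowed_hosts):
    """Walk a web root and return (path, line, tag, reasons) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCAN_EXT:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings += [(path, *hit) for hit in scan_text(fh.read(), allowed_hosts)]
    return findings

if __name__ == "__main__":  # e.g. python scan_iframes.py /var/www/site www.example.org
    for path, line, tag, reasons in scan_tree(sys.argv[1], set(sys.argv[2:])):
        print(f"{path}:{line}: {'; '.join(reasons)}: {tag}")
```

Pass every host your pages legitimately frame as extra arguments; a hit in a file you did not edit recently is the one to investigate first.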
Jun 23, 2011 at 1:25 AM Kudos to you! I hadn't thought of that!