Security News

Large-scale web attack infects more than 11.000 Websites

Tue, 19 June 2007

Tettnang, Tue, 19 June 2007 - Avira warns about thousands legitimate websites being hacked and pointing to malicious code.

At the time of writing we have discovered more than 11.000 websites that have been compromised using only a few lines of code that have been injected into the main site's HTML page. In this case an IFRAME is used that makes the browser load another site that will host expoit code which downloads a trojan in order to compromise users machines.

This time a hacking tool called MPack was used. This distribution and attack kit comes along with a collection of exploit modules and detailed statistics. The exploit code is detected by Avira's heuristic module AHeAD as HEUR/Exploit.HTML.

During Avira's research on this large scale attack we managed to get access to the statistics provided on the same server where the malware itself is hosted.

At the time of writing 11.146 websites have been hacked in order to redirect to the server hosting the exploit. 115.114 unique visitors have visited those webistes while more than 10% of their visitors got infected which means 12.067 to be exact. In fact the time used to write this news another 50 websites got compromised.

Avira recommends that you use an alternative browser other than IE, install security patches and make sure your antivirus software is up to date. Additionally, we advise administrators to block the following IP address since it was identified as hosting several malicious files: 64.38.33.13

Other news from this category	Archive

Spam leads to malware instead of mail settings	Thu, 15 October 2009
Avira issues a warning on harmful PDF files	Mon, 12 October 2009
Avira warns: Fraudulent antivirus software supplied from hacked webservers	Thu, 01 October 2009
Avira keeps Dogrobot at bay	Thu, 24 September 2009
Supposed Avira key generator contains malware	Tue, 22 September 2009