Mass Webpage Compromise

Wednesday, March 7, 2012 @ 02:03 PM gHale


Just around 30,000 unique websites are currently suffering from compromises that redirect visitors to sites that promote bogus antivirus software.

Of those 30,000 sites, 200,000 webpages suffer from the compromise, with the campaign mostly targeting ones hosted by the WordPress content management system, said researchers at Websense.

RELATED STORIES
McAfee: Abundant Gaps in Security
GOP Sen.’s Offer Own Security Bill
Cyber Security Bill Launches in Senate
White House: Congress Must Pass Cyber Laws

After multiple redirects, victims go to a website that performs a fake scan, pointing out a large number of infections and threats that affect the system. The scan looks as though it takes place in a Windows Explorer window, but in reality it’s nothing more than a webpage set up to dupe users.

When the scan is complete, a dialogue box then urges the user to install an antivirus tool that will remove the pieces of malware. However, the antivirus installer is nothing more than a Trojan that once installed can give its master complete control over the infected machine.

More than 85% of the compromised website are in the United States. Other countries like Turkey, Brazil, UK, India, China, South Africa, Jordan, Canada, Philippines and Taiwan are feeling the brunt end of the attacks also.

The injected code usually goes before the tag.



Leave a Reply

You must be logged in to post a comment.