JavaScript Injection Attack Infects 'Hundreds of Thousands' of Websites
Tim Wilson writes on Dark Reading:
Websense Security Labs yesterday reported a new JavaScript injection attack that has infected "hundreds of thousands" of Websites, including a United Nations site and some UK government sites.More here.
Web users who browse the infected sites will unknowingly load a file that automatically attempts to serve up a concoction of eight different exploits designed to gain access to their computers and install information-stealing malware, Websense says in its report.
The mass attack appears to be from the same group of individuals who launched a similar "iFrame" attack a few weeks ago, which compromised thousands of Internet domains, including U.S. news and travel sites.
"The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack," Websense says. "We have no doubt that the two attacks are related."
In the space of just a few hours yesterday, Websense said it saw the number of compromised sites increase by a factor of ten.
Note: See also Giorgio Maone's comments over at Hackademix, and Dancho Danchev's comments on his blog...
posted by Fergie @ 4/23/2008 01:43:00 PM
0 Comments:
Post a Comment
<< Home