Malware web based threats: Anatomy of a web hack.
Mass compromise of legitimate websites - Blackhat SEO Rogue Antivirus software and zero-day exploits!
Saturday, March 28, 2009
Black Hat SEO and Rogue Antivirus p.2
The silent threat: Black Hat SEO and Rogue Antivirus
The World Wide Web Consortium and Rogue AV
Has your website been hacked, with injected IFRAMEs or trojans/backdoors?
Are your pages infected with redirections to rogue antivirus/antispyware?
This page presents some recent research on a malware campaign that has infected thousands of websites. In this campaign, all of these sites have been used to distribute fake antispyware called WinWebSec or FakeSpyGuard (sometimes called WinWebSecurity or SystemSecurity2009 with InternetAntivirusPro).
Since July/August 2008, hundreds of thousands of pages on legitimate domains have been exploited: web pages stuffed with keywords (porn, celebrities, popular snacks) were uploaded to them as a means of attracting victims via search engine results. In some cases, the homepage of the compromised site is modified by appending hidden links to the malicious web page.
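For site owners checking their own pages, the following added example (not code from the original post) flags links placed inside inline-hidden elements and invisible IFRAMEs in a page's HTML. The sample markup, the `.example` URLs and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an element and everything nested inside it.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID_TAGS = {"img", "br", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

def _is_tiny(value):
    """True for width/height values of 0 or 1 (with or without 'px')."""
    return (value or "").strip().lower().rstrip("px") in ("0", "1")

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, hides_content) for every open element
        self.findings = []   # (kind, url) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        inside_hidden = hidden or any(h for _, h in self.stack)
        if tag == "a" and inside_hidden and attrs.get("href"):
            self.findings.append(("hidden-link", attrs["href"]))
        tiny = _is_tiny(attrs.get("width")) or _is_tiny(attrs.get("height"))
        if tag == "iframe" and (inside_hidden or tiny):
            self.findings.append(("hidden-iframe", attrs.get("src") or ""))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html):
    """Return (kind, url) findings for one HTML document."""
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a normal page with a hidden link and an IFRAME appended.
SAMPLE = """<html><body>
<h1>Welcome</h1><a href="/about.html">About us</a>
<div style="display: none"><a href="http://compromised.example/snacks.html">snacks</a></div>
<iframe src="http://redirector.example/in.php" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

This check only sees inline styles and size attributes; content hidden through an external stylesheet or written by script needs a rendered-DOM comparison or a file-integrity diff against a known-good copy.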
All the information gathered indicates that the attack was carried out via stolen FTP passwords on all of these domains.
An alarming observation is that the activity is growing at an exponential rate, with ever more sophisticated malware/exploit code.
You can find some of the IPs, networks and domains used, examples of hacked pages/websites and other malicious code injected into these domains in the links below or on other pages of this blog.