Cybercriminals Hide Their Malicious Code by Injecting It into JavaScript

SophosLabs experts have found several affected websites

Security researchers from Sophos say that cybercriminals are using a clever tactic to hide their pieces of malware on legitimate websites. They’re injecting their malware into JavaScript code that’s hosted on the site.

The malicious code inherits the reputation of the legitimate JavaScript and the main website. Even if security solutions identify the threat, the detection might be seen as a false positive.

Such techniques have been used recently to plant the Troj/iframe-JG Trojan on various legitimate websites, including those of a primary school in England, a London nightclub, an East African TV company, Italian community sites, and a US trade association of financial advisors.

The website of headphone manufacturer Fanny Wang has also been infected with the malware, but the company has failed to respond to the security firm’s notifications.

None of the other notified companies have responded to SophosLabs, so the experts haven’t been able to determine how the code was injected, but the hackers may have abused the fact that some of the sites are using outdated software.
