Search Perform an advanced search query SOFTPEDIA
 
SOFTPEDIA
Updated one minute ago
HomeSubmit a program for being reviewedAdvertise on our websiteGet help on surfing our websitesSend us your feedbackGet information about our XML/RSS backend and how to use itBrowse the news archiveVisit our discussion forumVizitati forumul in limba romana



KLIP
  1. HOME
  2. SCIENCE
  3. TECHNOLOGY
  4. WEBMASTER
  5. SECURITY
  6. MICROSOFT
  7. LINUX
  8. APPLE
  9. GAMES
  10. TELECOMS
  11. REVIEWS
  12. LIFE & STYLE
  13. EDITORIALS
  14. INTERVIEWS
  15. RSS
Welcome!
Hello, Guest

Login if you have a Softpedia.com account.

Otherwise, register for one.

INCIDENTS

Hundreds of Thousands of Websites Compromised

- Mass attack JavaScript injection compromises a huge number of pages

By: Bogdan Popa, Security and Search Engines Editor

Security companies around the world launched an alert concerning a new mass SQL infection which, by the first estimations, had already affected hundreds of
thousands of websites. And what's worse isn't necessarily the huge number of compromised pages, but the fact that among the affected ones, we can easily find UN and UK government websites. Most compromised pages can be found using web's search engines and searching for a certain term which I'm not going to disclose especially for security purposes.

According to security company Websense, when a visitor loads one of the compromised websites, it attempts to open a malicious JavaScript file called 1.js which is hosted on the main website. Although similar activities were spotted a few weeks ago, the attacks seem to be different, first of all due to the domain used.

"Once loaded, the file attempts 8 different exploits (the attack last April utilised 12). The exploits target Microsoft applications, specifically browsers not patched against the VML exploit MS07-004 as well as other applications. Ominously files named McAfee.htm and Yahoo.php are also called by 1.htm but are no longer active at the time of writing," Websense informs.

As mentioned, there are hundreds of thousands of compromised websites, most of them being searchable on Google or Yahoo. "There's another round of mass SQL injections going on which have infected hundreds of thousands of websites. Doing a Google search shows over 510,000 modified pages," security company F-Secure reports. Websense confirms the number of affected websites, too. "The number of sites affected is in the hundreds of thousands," it said.

Just as usual, users are advised to keep their antiviruses and firewall open, apply the latest patches and virus definitions and try to avoid websites that look suspicious and may attempt to drop malicious files on their computers.

MORE RELATED ARTICLES: Users Concerned about Google Account's Privacy Google Rolls Out Anti-Phishing Filter Is Internet Explorer Safer Than Firefox, Opera and Safari? Social Security Numbers Found by Googling Russia, Malware Producing Demon
 
Comments | Link here | Subscribe
Print | Send to friend
Today's News | Yesterday's News

Search:

TAGS: google security javascript

24th April 2008, 07:47 GMT | Copyright (c) 2008 Softpedia | Contact:
Read by 623 user(s) | Rating: | 6 vote(s) so far | Cast your vote:
Hundreds of Thousands of Websites Compromised - USER OPINIONS




We are sorry, there are no opinions available for this article.


SHARE YOUR OPINION ABOUT Hundreds of Thousands of Websites Compromised

Since you are not logged on, your comments will have to be approved before being displayed.
Click here to login, or register.
Your Name:
Your Email:
Type in the result:
Your Opinion:
 


DO YOU WANT TO CONTACT US?  

If you have some comments or you want to send us some information you can send us an email directly to .
You can use the form below for the same purpose.
Your full name: (at least 3 characters)
Your email address: (at least 5 characters)
Message subject: (at least 5 characters)
Message text:
(at least 10 characters)
Type in the result:
 
 
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
Copyright Information | Privacy Policy | Terms of Use | Contact Softpedia | Update your software | Archive