14 DAY TRIAL // Cybercriminals are coming up with new techniques to make sure webmaster don’t spot their malicious codes too easily. Researchers found a piece of code cleverly masqueraded to look like a legitimate Google Analytics piece of code on compromised websites.
Websense experts found that the ill-intended code is designed to look genuine. However, there are a few clues that give away its true identity and purpose.
One of these hints is the fact that the code is placed at the top of the page, instead of the bottom where most webmasters place Google Analytics code.
The placeholder is another element that reveals the code’s true purpose, cybercriminals using “UA-XXXXX-X”.
Finally, some shady domains, whose names contains the words “google” and “analytics” are used to store a JavaScript file called ga.js that ultimately leads website visitors to the malicious Blackhole Exploit.