14 DAY TRIAL // Security researchers from Websense warn that over one hundred websites hosted at Media Temple (mt) have been injected with rogue code that lead visitors to a potent Web exploitation kit. The toolkit targets a dozen vulnerabilities in older versions of Flash Player, Adobe Reader, Internet Explorer or Java Runtime.
The mass compromise was detected by Websense's ThreatSeeker Network, and even though the affected websites are hosted at Media Temple, this does not imply any security problems with the hosting company's servers or infrastructure. Similarly to other hosting providers, Media Temple has had its share of compromised websites under its roof in the past and this is because hackers systematically scan entire address spaces for vulnerable targets, before proceeding to infect them.
A large number of the websites compromised in this latest attack (46%) are running WordPress, but again, this does not suggest any unpatched vulnerability in the popular blogging platform. The Websense security researchers note that most likely the injections are the result of flaws in outdated third party software.
The rogue code added to the compromised websites is obfuscated JavaScript, generates and directs users to one of malicious malicious URLs. “Using the algorithm [...], we generated 64 URLs […] and find there are 2 different scripts. One is very simple with an anti-bot trick so it won't be crawled by search engines. […] The other is highly obfuscated, and finally redirects to an exploit kit called Phoenix,” the Websense experts explain.
An exploit kit is a collection of exploits for vulnerabilities affecting various applications that are usually found on most people's computers. At the moment, the Phoenix kit targets two flaws in Adobe Flash Player, five in Adobe Reader, three in Internet Explorer and two in the Java Runtime Environment, however, these could change in the future.
In order to stay protected from such threats users are advised to always keep their applications up to date and run a capable antivirus program on their computers. Free specialized programs like the Personal Software Inspector (PSI) from Secunia, can monitor most programs installed on a computer and alert the owner as soon as any updates for them are available.
You can follow the editor on Twitter @lconstantin