Mail.html and Upload.html files have been added to the hijacked sites

Aug 8, 2012 11:52 GMT

Security researchers from AegisLab have noticed that more than 300 websites have been compromised and altered to host malicious mail.htm or upload.htm files.

Embedded iframes ensure that drive-by-download attacks are launched each time these pages are visited. Victims are redirected to various Russian websites and discussion boards.
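A site owner can check a web root for the indicators described above: files named mail.htm or upload.htm that carry iframes pointing off-site. The following is an added example, not code from AegisLab or the original article; the function names, host names and sample file contents are constructed for illustration.

```python
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# File names reported in the article; the page shows both .htm and .html spellings.
SUSPECT_NAMES = {"mail.htm", "mail.html", "upload.htm", "upload.html"}

class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser lower-cases tag and attribute names
            self.sources.append(dict(attrs).get("src") or "")

def external_iframes(html, site_host):
    """Return iframe src values on a host other than site_host (relative URLs count as same-site)."""
    parser = IframeCollector()
    parser.feed(html)
    return [s for s in parser.sources
            if (urlparse(s).hostname or site_host).lower() != site_host.lower()]

def scan_webroot(root, site_host):
    """List (relative path, external iframe sources) for each suspect-named file."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower() in SUSPECT_NAMES:
            html = path.read_text(encoding="utf-8", errors="replace")
            rel = path.relative_to(root).as_posix()
            findings.append((rel, external_iframes(html, site_host)))
    return sorted(findings)

def demo():
    """Scan a constructed web root; hosts and file contents are made up."""
    samples = {
        "index.html": "<h1>home</h1>",
        "mail.htm": '<iframe src="/contact-form.html"></iframe>',
        "blog/upload.htm": '<iframe src="http://redirect.example.net/in.php"></iframe>',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(root, rel).write_text(body, encoding="utf-8")
        return scan_webroot(root, "www.example.org")

if __name__ == "__main__":
    print(demo())
```

A suspect-named file with an empty source list, such as the constructed mail.htm here, still deserves a manual look if the site never published it.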

The malware involved in this campaign is a variant of the infamous Cridex worm, which is currently identified by around 30 of the 42 vendors present on VirusTotal.

Experts have determined that the cybercriminals were able to hijack the sites because the sites use outdated software packages.

Out-of-date software is also the reason hackers managed to compromise Reuters’ blogging platform. According to SC Magazine, Reuters still hasn’t upgraded its WordPress 3.1.1 installation.