Security researchers from AegisLab have noticed that more than 300 websites have been compromised and altered to host malicious mail.htm or upload.htm files, which ensure that drive-by-download attacks are launched each time these pages are visited. Victims are redirected to various Russian websites and discussion boards.
The piece of malware involved in this campaign is a variant of the infamous Cridex worm, which is currently identified by around 30 of the 42 vendors present on VirusTotal.
Experts have determined that the cybercriminals were able to hijack the sites because the sites use outdated software packages.
Out-of-date software is also the reason hackers have managed to compromise Reuters’ blogging platform. According to SC Magazine, they still haven’t upgraded their WordPress 3.1.1 installation.