Serious attack launched from China

May 21, 2008 09:01 GMT  ·  By

A new attack has been detected on the Internet, no less than 9,000 websites being already affected by an exploit codenamed "Silent Love China". SiliconRepublic.com writes that the infection attempts to inject some sort of malicious code into popular websites and steal usernames and passwords belonging to visitors. Similar iFrame attacks were spotted in the past but this time, hackers are especially focused on stealing users' information and not on harming the website, Damian Saunders, Citrix official, told the source mentioned above.

"The virus doesn't threaten the owner of the site, it threatens the user. What happens with this type of attack is rather than destroy a website, the hacker plants a code using SQL injection," explains Damian Saunders, manager of Citrix's applications networking group.

What's worse is that the attack is not meant to affect a certain website or, at least, a group or category of websites. Hackers are simply looking for popular vulnerable pages which could bring them an acceptable amount of information. For instance, subscription-based websites which work on a username and password login basis could be among the ones targeted by the attacks, so extra-care is recommended these days for both webmasters and visitors.

And more interesting is the fact that the iFrame injection searches for Internet Explorer and RealPlayer vulnerabilities which, once found, could be used to deploy a Trojan horse on the visitors' computers.

"The problem with this kind of attack is that site owners need to adapt the security of the site almost as continually as the content changes on the site. This can be frustrating. Firms that want to protect themselves and their users from this kind of attack should look to infrastructure-based solutions and make sure their web applications are properly firewalled," Saunders added.