A large web directory, with users mostly from Asia, injected with compromising code

Sep 6, 2011 08:55 GMT

Users who visited the Web Directories site on the 4th of September might have been redirected to a third-party page leveraging the Incognito exploit kit.

One of the largest directories on the internet, the site was compromised when a line of code was inserted that redirected visitors to a malicious address hosting exploit code.

An analysis by Websense Security Labs revealed that the tool involved is known as Incognito, which silently infects client computers with a Trojan.

According to the Security Labs blog, Incognito is a Malware-as-a-Service (MaaS) offering that has two versions running in the wild.

Underground communities make use of it to launch automated attacks, with the purpose of spreading malware.

This particular tool can be purchased or even rented by those who want to infect the computers of unsuspecting internet users with their own malicious software. While the price for such an exploit kit can reach as high as a few thousand dollars, it can be rented for a weekly fee of $200 or a 15% share of the generated traffic.

The cybercriminals who make use of such means work in close collaboration with those who spread fake anti-virus programs. These programs masquerade as AV solutions but actually give the hacker access to the target computer.

Results of the analysis made by the security services provider show that a large number of websites have recently been infected with the malicious piece of code.

Web Directories is a service with highly ranked global traffic, especially in Asia, which means that a lot of users may have accessed the website, possibly resulting in a large number of infections.

At the time this article was written, the website appeared to be clean and no longer contained the lines of code used to redirect visitors.