10,000 Web sites rigged with advanced hacking attack

An increasing number of Web servers have been hacked to serve up a range of attacks to unwitting visitors, Finjan Software said.

A sophisticated hacking scheme seen early last year is affecting an increasing number of Web servers, including one owned by a major online advertising company, the chief technology officer of Finjan Software said Monday.

It appears that a single gang is behind the attacks, since the malicious software it spreads is storing login and password details on one server in Spain, said Yuval Ben-Itzhak. Finjan is trying to get the ISP (Internet service provider) to shut it down, he said.

A Web server of an online advertising company that serves 14 million banner ads to other Web sites has also been hacked, Ben-Itzhak said. That means that the PC of anyone who visits a legitimate site hosting a malicious banner ad could potentially be infected if their computer isn't patched, he said.

"You can imagine the magnitude," Ben-Itzhak said.

Ben-Itzhak declined to identify the company, but said Finjan contacted it last week about the problem. At least 10,000 other Web sites were serving up malicious code in December, although Finjan stopped counting, Ben-Itzhak said.

The latest problems show that the power of this particular hacking gang appears to be growing since it was identified early last year. At that time, Finjan said it found a number of Web servers that had been hacked in order to serve malicious code to visitors. The attackers used several methods to hide their tracks and infect a maximum number of PCs.

The attack is structured using JavaScript so that the malicious code is only served up once to a PC, which helps avoid repeated tests by security scanning services.

Further, hackers also record the IP (Internet Protocol) addresses of crawlers used by search engines and reputation services, which evaluate the risk in visiting certain Web sites. Those page requests are then served with legitimate content.

The JavaScript that starts the exploit also dynamically changes, which makes it more difficult to detect with security software, Finjan said. Once hacked, a Web server hosting hundreds of Web sites will serve up the attack code.

The code looks for at least 13 software vulnerabilities in order to place a Trojan horse program on the PC.

The hackers also regularly change the vulnerabilities that the attack looks for in order to increase the chances a computer can become infected, Ben-Itzhak said. After the PC is infected, the malware can start collecting data on the machine, such as documents and passwords. Finjan has dubbed the attack "random js Trojan."

Finjan asserts that antivirus software isn't as effective since the attack code can change so frequently. The company has a browser plug-in, called SecureBrowser, that analyzes the content of a Web page as it's being served, looking for traces of malicious code and then warning users. It also sells an enterprise-level appliance with scanning technology.

Finjan isn't the only company with that kind of technology. Exploit Prevention Labs, which was recently acquired by security company AVG, also has a product called LinkScanner that analyzes Web page content for malware, and McAfee has a service called SiteAdvisor that ranks the health of a Web site. All three companies offer free versions of their products.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?