Hundreds of Thousands of Web Pages Hijacked
McAfee noticed Wednesday an ongoing attack that modifies web pages to redirect traffic to another site in China. This site then infects PC’s with a Trojan to steal personal information, including usernames/passwords for online banking. According to McAfee, “one gang” alone has infected about 12,000 sites, all over the globe. Apparently there may be different groups, because elsewhere in the article mention is made that hundreds of thousands of web pages have been compromised.
Though the article discusses how the modified websites forward users to a malicious website, no mention is made about how the websites themselves are being modified in the first place – neither where the attacks are originating or what vulnerabilities are being exploited.
What makes this attack interesting is the large scale on which it was carried out, and that no website can be guaranteed safe. From the user-end, the only way to protect againt the Trojan is to run Windows in user-mode (if you run it at all) or disable Flash Player, which is one of the programs being exploited. Then, of course, McAfee makes the pitch about keeping anti-virus software up to date (give us more $$$), etc.
Comment by Fabian
March 16, 2008 @ 8:52 pm
I keep wondering if there is a conspiracy theory behind all of these. Would be possible that the anti virus company be the one who actually funded the group? The chances might be unlikely.