CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 21st, 2008

More Websites Are Compromised, This Time Avoiding Chinese Websites And Users

Two days ago there was a report about Chinese and Chinese language websites compromised and SQL-injected in order to infect visitors with malware. According to net security firm ScanSafe, recently new rounds of SQL injection attacks mostly target English language sites on .com domains, some of them hosted in China.

This time the attack purposefully avoid Chinese government sites. The latest attacks inject an iFrame onto compromised sites that loads malicious scripts from qiqigm.com, a domain registered on 16 May. These scripts includes the text “silent love china” in an apparent greeting of other Chinese hackers. The malicious code exploit popular RealPlayer and Internet Explorer vulnerabilities to install a password-stealing Trojan that hides its presence on Windows PCs.

More than 7,000 sites have been compromised in this way so far. Among compromised websites there is Hong Kong stock brokerage website (kgieworld.com) and Kodak camera reviews (digitalcamerareview.com). There are also sites of Israel Humanitarian Foundation, London-based Child Rights Information Network, the UK’s West Midlands Local Government Association, and AsiaObserver news portal. All these sites redirect to other domains and lead to the download and execution of http://******gol.com/xx.exe, which is detected as BKDR_HUPIGON.CFV by Trend Micro.

Share this item with others:

More on CyberInsecure:
  • Above 300,000 More Websites Compromised Targeting Chinese Users
  • One Of CNN Sports Websites Hacked By Chinese Anti-CNN Group
  • Twitter DNS Hackers Hit Chinese Search Engine Baidu.com
  • Asprox Botnet Mass Attack Hits Governmental, Healthcare, and Top Business Websites
  • New Malware Spam Reporting Bogus Beijing Earthquake Targets Olympic Games Fans

    • Posted in Malware, Mass Web Attacks, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Wednesday, May 21st, 2008 at 5:27 am and is filed under Malware, Mass Web Attacks, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: More Websites Are Compromised, This Time Avoiding Chinese Websites And Users

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »