More Websites Are Compromised, This Time Avoiding Chinese Websites And Users
Two days ago there was a report about Chinese and Chinese-language websites being compromised through SQL injection in order to infect visitors with malware. According to net security firm ScanSafe, the recent new rounds of SQL injection attacks mostly target English-language sites on .com domains, some of them hosted in China.
This time the attacks purposefully avoid Chinese government sites. The latest attacks inject an iFrame into compromised sites that loads malicious scripts from qiqigm.com, a domain registered on 16 May. These scripts include the text “silent love china” in an apparent greeting to other Chinese hackers. The malicious code exploits popular RealPlayer and Internet Explorer vulnerabilities to install a password-stealing Trojan that hides its presence on Windows PCs.
More than 7,000 sites have been compromised in this way so far. Among the compromised websites are a Hong Kong stock brokerage website (kgieworld.com) and Kodak camera reviews (digitalcamerareview.com). There are also the sites of the Israel Humanitarian Foundation, the London-based Child Rights Information Network, the UK’s West Midlands Local Government Association, and the AsiaObserver news portal. All these sites redirect to other domains and lead to the download and execution of http://******gol.com/xx.exe, which is detected as BKDR_HUPIGON.CFV by Trend Micro.