CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 7th, 2010

Thousands Of Websites Distribute Scareware After Mass Injection Attack, BlueHost, DreamHost, Bizland, GoDaddy Affected

A new mass injection attack has compromised tens of thousands of websites with code that directs visitors to rogue antivirus programs. The attack was detected and reported by security researchers from Websense, a provider of Web and email security solutions.

“Websense ThreatSeeker Network detected this large-scale break out of the campaign recently. The targets are four well-known Web hosting providers: BlueHost, DreamHost, Bizland and Go Daddy,” the Websense experts note.

During last week the number of affected sites varied from 22,000 to almost 39,000 depending on the day, with BlueHost being the most affected hosting company. Statistics compiled by Websense reveal that BlueHost accounted for 38% of compromised sites and was followed by DreamHost with 28%, BizLand with 19% and Go Daddy with 12%.

The attack involves a rogue “script” element being added just before the end of the page body, with the src attribute loading content from several remote addresses.

This external code checks if the user was targeted before and if not it redirects them to websites in the .co.cc domain space, which display fake antivirus warnings commonly associated with scareware campaigns.

The purpose of these bogus alerts is to convince users to install rogue antivirus program, which further bombards them with fictitious warnings in an attempt to trick them into paying license fees.

Two of the malicious domains involved in this attack, whereisdudescars.com and losotrana.com, have participated in a similar mass compromise back in July.

It is highly likely that the same individuals are behind both campaigns. According to Websense, the domains “were registered between May and July by the same person using two free mailboxes.”

Cybercriminals use automatic tools to scan the IP spaces of major hosting companies for vulnerable websites and infect them all at once to target as many users as possible.

Credit: Softpedia.com News

Share this item with others:

More on CyberInsecure:
  • GoDaddy.com Hosting Hit By A Major Denial-of-Service Attack
  • Mass SQL Injection Attack Infects Over 28,000 Pages, Including iTunes Podcast
  • TweetMeme Hit By Malvertisement, Users Redirected To Fake Antivirus Pages
  • osCommerce Compromised Sites Distribute ZeuS Spin-off Trojan, Millions Of Pages Infected
  • US Treasury Department Websites Infect Visitors With Malware

    • Posted in Breaches And Incidents, Hacked, Malware, Mass Web Attacks, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Tuesday, September 7th, 2010 at 1:25 pm and is filed under Breaches And Incidents, Hacked, Malware, Mass Web Attacks, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Thousands Of Websites Distribute Scareware After Mass Injection Attack, BlueHost, DreamHost, Bizland, GoDaddy Affected

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »