Security firm Kaspersky Lab reported that a user contacted the company after he had noticed "strange behaviour" from his browser. The antivirus software vendor said the site contained scripts that downloaded a Trojan installer.
According to Kaspersky, the user visited www.5755.ru after seeing the site advertised on TV. Upon visiting the site, a second browser window was launched and the malicious scripts then attempted to run.
Kaspersky Lab said that it later found that more than 470 other servers had been compromised with the same attack. Those servers, according to Kaspersky, were all traced back to Valuehost.
Valuehost offers hosting services to more than 60,000 Russian sites, and the company also offers hosting in the UK and the US. 5755.ru, valuehost.com and valuehost.co.uk were all down at the time of publication of this article.
Valuehost had not responded to requests for comment as of press time.
In May, Valuehost's email addresses were spoofed in order to carry out an email Trojan attack.
_(28).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
