Cyber-attack launched from 10,000 web pages

By

A security firm has identified over 10,000 web pages rigged by cyber-criminals to hijack the PCs of unsuspecting surfers..

Cyber-attack launched from 10,000 web pages
The web pages have been modified to silently redirect visitors to sites laden with malware that attempt to break into the user's PC.

McAfee Avert Labs described the assault as "one of the largest attacks to date of this kind".

The redirects and attempted break-ins are all hidden from the unwitting user. Compromised web pages include everyday destinations such as travel, government and hobby sites.

The attack serves as a reminder that even trusted websites can be malicious, McAfee warned.

"Often you hear warnings about not going to untrusted sites," said Craig Schmugar, threat researcher at McAfee Avert Labs.

"That is good advice, but it is not enough. Even sites you know and trust can become compromised."

The reprogrammed web pages are probably victims of an automated attack that included scanning the internet for unsecured servers and planting a piece of JavaScript code that redirects to a site in China to serve up the malware.

The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer and other applications to break into the PC. A back door also allows the subsequent installation of additional malicious programs.

McAfee Avert Labs first spotted the attack on 12 March. "Of the 10,000 pages that were compromised a number have already been cleaned up," the firm stated.

"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
000cyber attackfromlaunchedpagessecurityweb

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?