Hackers Jack Thousands of Sites, Including U.N. Domains
Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have been hacked.
Gregg Keizer, Computerworld
How It Works
Although the malware-hosting domain has changed, it's located at a Chinese IP (Internet Protocol) address, just like the one used in March, Hubbard said. "It also looks like they're using just the one [hosting] site, but changing the link within the JavaScript," he added, talking about an obfuscation tactic that the attackers have used before.
When a visitor reaches one of the hacked sites, the malicious JavaScript loads a file from the malware-hosting server, then redirects the browser to a different page, also hosted on the Chinese server.
"Once loaded, the file attempts eight different exploits," noted the Websense warning, including one that hits a vulnerability in Internet Explorer's handling of Vector Markup Language (VML) that was patched in January 2007.
Another security researcher, Giorgio Maone, who also develops the Firefox add-on "NoScript," said late Wednesday that although the U.K.-based sites appeared to have been cleansed of the malicious JavaScript, the U.N. sites had not.
Maone also said "I told you so" in his blog post yesterday. In an August 2007 entry, he had said that rather than fixing the underlying security problems on the UN site, the agency had simply deployed a "pretty useless" firewall that masked the most obvious attack surface.
Even the disinfected sites, however, could fall victim again, Maone maintained. "The sad truth, though, is that even those 'clean' sites are still vulnerable, hence they could be reinfected at any time," he said.
"Web site owners have to start securing their code," Hubbard agreed.
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
- « Prev
- Page 2 of 2
"Hackers Jack Thousands of Sites, Including U.N. Domains" Comments