Massive Web Exploit Emerges
More than 10,000 compromised servers are redirecting unsuspecting visitors.
Most of the compromised sites -- 78 percent in total -- are in Italy but it is spreading around the world, according to Paul Ferguson, network architect with antivirus vendor Trend Micro. The compromised sites aren't the usual suspects, like porn, music swapping or piracy, but are legitimate sites for news, entertainment or information.
Because so many computers were hit at once, he suspects the bad guys behind it found a way to automate distribution of the payload.
This hack involves more than 10,000 compromised sites, meaning some manner of automating the process of distributing the code was done, said Ferguson.
The compromised sites examine the visitor's system and determine what if any vulnerabilities exist on the system. They are then redirected to a computer with a malicious payload that takes advantage of the unpatched system.
"For systems that are completely patched, they are pretty much not at risk, but there are millions of consumers out there not [fully patched]," Ferguson told internetnews.com. "It used to be we could tell customers only go to Web sites that are trusted. Unfortunately in this situation, that advice doesn't hold water because it's so broad."
As if 10,000 compromised Web sites isn't enough, victims are redirected to sites hosting a new and improved version of WebAttacker, a do-it-yourself malware kit that makes it relatively easy to build exploits, Trojans, keyloggers and other malicious software.
While most of the compromised Web sites are in Italy, Ferguson said most of the sites hosting WebAttacker are in the U.S. However, Trend Micro has not been able to reach the site administrators and has enlisted the help of law enforcement, so those sites owners will be receiving a visit from their local authorities shortly.