Websense researchers recently found that the Web site Trading Forex, at tradingforex.com, has been injected with a malicious Java applet designed to install malware on visitors' systems.
"The company has raised the prospect that such an attack may constitute a shift in the way some cyber criminals work, suggesting they may now be looking to attack easier targets with online systems and less mature security systems, compared to banks and stock exchanges," writes IT PRO's Jane McCallion.
"The Java applet planted on the website attempts to install a malicious executable written in Visual Basic.Net and requires ... Microsoft's .NET framework to be successfully installed and running on a victim's computer," writes The Register's John Leyden. "This is an unusual approach. Hackers intent on distributing malware through compromised websites often use pre-packaged tools, available through underground forums, most notably the widely used Blackhole Exploit kit."
In an interview with The Register, Websense senior security researcher Elad Sharf said it's not clear why the attackers took this approach. "One of the likely reasons is that the 'Blackhole exploit kit' costs money either to rent or buy," he said. "On the other hand, the attack vector that was used on that Web site can be created with tools that are available for free."