Sophos Warns of Malware Being Injected Into Legitimate JavaScript


According to Sophos' Paul Baccas, the company recently found that hackers have begun inserting malware into legitimate JavaScript being hosted on Web sites.

"The JavaScript is automatically loaded by the HTML webpages and inherits the reputation of the main site and the legitimate JavaScript," Baccas writes. "In other words, if a user's anti-virus software did display an alert about malicious content, it might be shrugged off as a false positive and blamed on an unreliable detection of a legitimate piece of JavaScript code."

"Such techniques have been used recently to plant the Troj/iframe-JG Trojan on various legitimate websites, including the ones of a primary school from England, a London nightclub, an East African TV company, Italian community sites, and a US trade association of financial advisors," writes Softpedia's Eduard Kovacs.

"If you're not your site's Web developer, it's important to choose a good hosting provider, the researchers point out," writes Help Net Security's Zeljka Zorz. "Not only will they keep all the software and the (JavaScript) libraries updated, but they will also fulfill the obligation of checking the site periodically for compromises."
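
The periodic check for compromises mentioned above can be automated by comparing each hosted script with a baseline recorded from a trusted copy at deploy time. The sketch below is an added example, not code from Sophos or from any of the quoted articles; the file names, sample contents and status labels are constructed, and the "appended" case assumes the added code sits after the untouched original script.

```javascript
// Added example: integrity audit of hosted JavaScript against a known-good baseline.
const { createHash } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Record hash and length of every script at deploy time (from a trusted copy).
function buildBaseline(files) {
  const baseline = {};
  for (const [name, body] of Object.entries(files)) {
    const buf = Buffer.from(body);
    baseline[name] = { sha256: sha256(buf), length: buf.length };
  }
  return baseline;
}

// Compare what the server is serving now against the baseline.
function auditScripts(baseline, current) {
  const report = {};
  for (const [name, known] of Object.entries(baseline)) {
    if (!(name in current)) { report[name] = 'missing'; continue; }
    const buf = Buffer.from(current[name]);
    if (sha256(buf) === known.sha256) {
      report[name] = 'unchanged';
    } else if (buf.length > known.length &&
               sha256(buf.subarray(0, known.length)) === known.sha256) {
      // Original bytes intact, extra code added after them.
      report[name] = 'appended';
    } else {
      report[name] = 'modified';
    }
  }
  for (const name of Object.keys(current)) {
    if (!(name in baseline)) report[name] = 'unexpected'; // script nobody deployed
  }
  return report;
}

// Constructed sample data (not taken from any real site).
const trusted = {
  'js/menu.js': 'function openMenu(){document.body.classList.add("open");}\n',
  'js/slider.js': 'var slide = 0;\n',
  'js/legacy.js': 'var legacy = true;\n',
};
const served = {
  'js/menu.js': trusted['js/menu.js'] + 'var extra = "placeholder for added code";\n',
  'js/slider.js': 'var slide = 1;\n',
  'js/legacy.js': trusted['js/legacy.js'],
  'js/stats.js': 'var s = 1;\n',
};
const report = auditScripts(buildBaseline(trusted), served);
console.log(report);
```

Any status other than `unchanged` is a reason to diff the served file against the trusted copy, whatever the reputation of the site or the library it belongs to.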