Jan 15, 2008

Malicious Code

Tens of thousands of websites belonging to Fortune 500 corporations, state government agencies and schools have been infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations, security researchers say.

Close to 94,000 URLs had been infected by the fast-moving exploit, which redirects users to the uc8010-dot-com domain (Please DO NOT VISIT), according to this search. Security company Computer Associates was infected at one point, as were sites belonging to the state of Virginia, the city of Cleveland and Boston University.

Malicious hackers were able to breach the sites by exploiting unpatched SQL injection vulnerabilities that resided on the servers, according to Johannes Ullrich, CTO for the SANS Internet Storm Center. The injections included JavaScript that redirected end users to the rogue site, which then attempted to exploit multiple vulnerabilities to install key-logging software that stole passwords for various online games, he and other researchers said. Visiting uc8010-dot-com (Please DO NOT VISIT) set off a chain of redirections that tried to use vulnerabilities for which patches were already available to install the key-logging software. Ullrich said he observed the sites using an old RealPlayer vulnerability.
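
The two halves of the attack described above, the SQL injection that writes a script tag into stored content and the injected script tag itself, are easy to reason about in code. What follows is an added example written for this post, not code from the post or from any of the researchers it quotes. It assumes a small CMS-style `pages` table in SQLite (constructed here in memory), uses the domain named in the post purely as a detection signature that is never fetched, and shows three defender-side pieces: a scanner that walks every TEXT column in the database for script tags pointing at a blacklisted host, a remediation helper that strips those tags from a page body, and the string-concatenated query pattern the attacks exploited next to its parameterized replacement.

```python
import re
import sqlite3

# Host named in the post. Used only as a detection signature; nothing here contacts it.
BAD_HOSTS = {"uc8010.com"}

# The src attribute of a <script> tag, case-insensitive, quotes optional.
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.IGNORECASE)
# A whole <script ...>...</script> element, used for remediation.
SCRIPT_TAG = re.compile(r"<script[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)


def build_sample_db():
    """Constructed sample: a tiny CMS table where one row carries an injected script tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO pages (title, body) VALUES (?, ?)",
        [
            ("Welcome", "<p>Hello</p>"),
            ("Contact", '<p>Email us</p><script src="http://uc8010.com/0.js"></script>'),
            ("About", '<p>About us</p><script src="/js/site.js"></script>'),
        ],
    )
    return conn


def host_of(src):
    """Host part of a script src, lower-cased; '' for relative URLs."""
    m = re.match(r"(?:https?:)?//([^/:?#]+)", src, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def find_injected_scripts(conn, bad_hosts=BAD_HOSTS):
    """Scan every TEXT column of every table for <script src> tags whose host is blacklisted.

    Returns a sorted list of (table, column, rowid, src). Table and column names come from
    the schema, not from user input, so quoting them into the query is safe here."""
    hits = []
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")') if r[2].upper() == "TEXT"]
        for col in cols:
            for rowid, value in conn.execute(f'SELECT rowid, "{col}" FROM "{table}"'):
                if not value:
                    continue
                for src in SCRIPT_SRC.findall(value):
                    if host_of(src) in bad_hosts:
                        hits.append((table, col, rowid, src))
    return sorted(hits)


def strip_injected_scripts(html, bad_hosts=BAD_HOSTS):
    """Remediation: remove whole <script> elements whose src points at a blacklisted host,
    leaving the site's own scripts (relative or other-host src) untouched."""
    def keep_or_drop(match):
        tag = match.group(0)
        srcs = SCRIPT_SRC.findall(tag)
        return "" if any(host_of(s) in bad_hosts for s in srcs) else tag
    return SCRIPT_TAG.sub(keep_or_drop, html)


def lookup_page_vulnerable(conn, title):
    """The pattern the mass-injection attacks exploited: input concatenated straight into SQL.
    A title containing a quote changes the query's structure instead of being matched literally."""
    query = "SELECT id, title FROM pages WHERE title = '" + title + "'"
    return conn.execute(query).fetchall()


def lookup_page_safe(conn, title):
    """Hardened form: a bound parameter is always data, never SQL, whatever characters it holds."""
    return conn.execute("SELECT id, title FROM pages WHERE title = ?", (title,)).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for hit in find_injected_scripts(db):
        print("injected script:", hit)
    probe = "x' OR '1'='1"
    print("concatenated query rows:", len(lookup_page_vulnerable(db, probe)))
    print("parameterized query rows:", len(lookup_page_safe(db, probe)))
```

The scanner deliberately reads the database rather than the rendered site: the injected tags in this incident lived in stored content, so a crawl of the public pages can miss rows that are not currently linked, while a column walk finds every copy. The classic tautology input in the `__main__` block makes the difference between the two lookups concrete: the concatenated query returns every row, the parameterized one returns none.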

The site in question, the uc8010-dot-com domain (absolutely not recommended for a visit), was registered in late December using a Chinese-based registrar, indicating the attackers were fluent in Chinese.
