We were recently able to analyze a certain attack that compromised numerous e-commerce websites in order to steal credit card information from potential customers.
The affected websites were found to be using osCommerce, an open source e-commerce solution that allows users to easily manage their online shops.
Based on our analysis, more than 90,000 pages were compromised. The attackers inserted into each of these sites an iframe that leads to certain URLs, triggering several redirections. The redirections finally lead to an exploit kit that ...
We're currently monitoring a still-ongoing mass compromise involving a great number of websites. The compromised sites have been injected with a malicious script that triggers redirects to certain URLs that lead to malware such as FAKEAV.
Based on Google searches, there is no common denominator in terms of the industry to which the compromised sites belong. We saw compromised websites related to astronomy, clubs, hospitals, sports, funeral homes, electronics, and others.
More URLs Involved
Investigations revealed that five URLs were used for the attack and ...
Late last year, we talked about how fake system diagnostic tools were becoming the next step in the evolution of FAKEAV malware. These variants started to affect Japanese users as well.
Fake system diagnostic tools such as this variant named System Defragmenter were first discovered in October 2010. These tools very frequently change their names. At present, we are aware of at least 30 different names/aliases that these tools use. Cybercriminals may believe that changing their products' names makes detecting and ...
Earlier today, we found that the website of the Amsterdam-based record label Kaiserlabel was compromised and used as a FAKEAV doorway.
The compromised page (shown in Figure 2) was injected with a search engine optimization (SEO) kit leveraging certain topics. In addition, we also found spamdexed content that was specifically prepared for the upcoming Black Friday holiday event in the United States.
Figure 3 below shows the search keywords used in the compromised page.
Visiting the compromised site leads users to redirection chains ...
Recent reports noted the spread of malware targeting multiple computing platforms. In a recent incident, Macs appear to have been specifically hit with a new variant of the KOOBFACE worm family. (KOOBFACE is a notorious family of malware that primarily spreads via social networking sites like Facebook.)
However, these particular incidents are not actually isolated attacks. Rather, these only form the tip of the iceberg of several attacks involving compromised and malicious sites. Cybercriminals are increasingly making browser and OS detection ...