

May 22
by Macky Cruz (Technical Communications)

TrendLabs received reports that several Web sites in Japan — including a popular music download site and a music company site — have been found injected with malicious code.

As we have been learning over the past few days, getting hacked is becoming a sadly more frequent, but no less dangerous, threat for Web site owners. More importantly, users browsing these compromised sites are put in harm’s way, as hackers inject this code to eventually plant backdoors and spyware on users’ PCs.

Analyses by our engineers reveal that these compromises are actually related to previously reported mass SQL injection attacks. Three distinct malicious domains have been identified, all of which lead to the download of malicious files on the affected system.

They are the following:

  • nihaorr1(dot)com
  • bluell(dot)cn
  • 9i5t(dot)cn

We call them “known malicious domains” because we have already seen these in the attacks that we blogged about here and here. Apparently the reach of these attacks is growing wider, suggesting that an automated tool is indeed being used to seek out vulnerable sites that can then be hijacked to redirect users. And the scarier implication: no weakly coded site is safe.

These domains, needless to say, have already been blocked by our Web Threat Protection technology, one even as early as April 24, when it was first seen to be involved in these malicious stunts. Trend Micro users are thus protected from this attack. Other users are advised to be wary when surfing the Internet, and make sure that their endpoint security products and security patches are up to date.







© Copyright 2008 Trend Micro Inc. All rights reserved.