Mass Infection Turns More Than 57000 Websites Into Exploit Launch Pads

--

By: --
Tags: --
Malicious hackers have managed to infect about 57,000 web pages with a potent exploit cocktail that targets a variety of vulnerable applications to surreptitiously install malware on visitor machines.
The exploits install an assortment of nasty software, including Gologger, a keystroke logging trojan, and a backdoor that attempts to connect to a website hosted in China, according to Mary Landesman, a researcher at ScanSafe, a company that protects end users from malicious websites
The attackers were able to plant a malicious iframe in the pages by exploiting SQL injection vulnerabilities. Once in place, the script silently pulls down javascript from a0v.org that silently runs while people are visiting one of the infected websites.
--

Do yourself a favor, disable javascript by default.

That would make for a pretty boring and unusable browsing experience though...

There is a little button that allows me to choose when, and what, to enable. In this way I can enable streaming video without enabling spam, for instance. It is pretty useful.

Do you use "noscript" for firefox?

"noscript" plugin for firefox is really effective in blocking scripts. I use it on every system in y network.