
Monday, September 3, 2007

Hackers Target Legitimate Sites

Hackers target 'legitimate' sites
20 June 2007


More than 10,000 websites have become unwitting hosts of malicious software, say security experts.
Those visiting the hijacked pages risk having keylogging software installed on their PC if it is not protected with the latest patches.

The webpages compromised are all legitimate sites devoted to subjects such as tax, jobs, tourism and cars.

The sites are thought to have been booby-trapped using a malware kit, called MPack, sold commercially online.

Hacked host

The MPack kit was first discovered by Panda Software in May 2007 and is now implicated in infections on more than 160,000 computers.

The kit, put together by Russian hackers, can be bought for $1,000 (£503) and the price includes a year of technical support.

Using the kit, budding hi-tech criminals can churn out code that exploits the latest vulnerabilities in widely used web browsers that work on Windows.

The latest round of infections using MPack is thought to be one of the most successful.

It is believed to have started when malicious hackers got access to one of Italy's largest website hosting companies and seeded servers with the code that attacks anyone visiting those sites.

Security experts say the attack code is "browser aware" and will tune its attack depending on the web browsing software used by a visitor. Attack code is present for Internet Explorer, Firefox and Opera.

Following the initial outbreak in Italy, booby-trapped sites are now turning up in Spain, the US and many other nations.

The new outbreaks come about as the attack code is inserted on more and more legitimate websites.

Hundreds of thousands of users are thought to have been caught out by the infection.

Many anti-virus companies have already updated their security software to defend against the attacks used in this outbreak.

BBC News
