News Stay informed about the latest enterprise technology news and product updates.

McAfee discovers 10,000 malware-laced sites

McAfee is ringing the alarm bell over its discovery Wednesday of some 10,000 Web pages attackers have rigged with PC-hijacking malware. The security vendor says it’s one of the largest attacks to date of this kind.

Here’s what a company spokesman told me by email:

“The Web pages have all been modified with code that silently redirects visitors to another website laden with a malware cocktail that attempts to break into the user’s PC. The redirect and the attempted break-ins all happen unbeknownst to the Web surfer.”

The spokesman said compromised Web pages include those found on travel sites, government sites and hobbyist sites. The attack serves as a reminder that even trusted websites could be malicious.

“Often you hear warnings about not going to untrusted sites,” Craig Schmugar, threat researcher at McAfee Avert Labs, said in a statement. “That is good advice, but it is not enough. Even sites you know can become compromised. You went to a place before that you trust, but that trust was violated through a vulnerability that was exploited.”

Miscreants likely rigged the Web pages in an automated attack that included scanning the Internet for unsecured servers and subsequently planting a piece of JavaScript code that redirects to a site in China to serve up the malware, he said. The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer and other applications to break into the PC.

The malware that’s ultimately planted on the PC tries to steal passwords to online games. A back door also allows the subsequent installation of additional malicious programs. Cybercrooks have increasingly been targeting online gamers as items in virtual worlds and characters in games have now got real monetary value in the physical world.

McAfee first spotted this attack on Wednesday morning, March 12. Of the 10,000 pages that were compromised a number has already been cleaned up. A single entity is likely behind this attack, since the malicious code on all these pages was served up from the same server in China.

Be careful out there.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.