How to hack 200,000 sites at a time using social engineering
A few weeks ago, a hack in which 10,000 sites were compromised was discovered. However, that’s small compared to what happened last week.
Researchers at McAfee have disclosed a new large-scale attack. A huge one. The attack has been active for about one week, and in that time frame has managed to place itself on roughly 200,000 web pages.
The compromised pages are embedded with a JavaScript file that links to the site hosting the attack. The infected pages pop up a pr0n site. When the page loads, a fake-codec social engineering attack is attempted: the user is told that in order to view the movie on the page, a special video codec must be installed. The user then downloads a trojan, which installs a malware package on the user's system and then delivers a fraudulent error message telling the user that the supposed codec could not be installed.
To use this social tactic, the hacker(s) had to use social sites - most of the infected pages are running the phpBB forum software. This way, instead of trying to exploit browser vulnerabilities, the attack attempts to trick a user into manually launching its malicious payload.