Friday, 14 March 2008

Another mass website compromise

Source: McAfee Avert Labs Blog

McAfee breaks the news of another mass website compromise being used to disseminate malware (similar to this earlier incident), which includes many reputable sites. "More than ten thousand" sites have been maliciously altered to include a Javascript file which triggers a cascade of attempts to install a mixed bag of malware. Frequency X suggests that the compromise vector was a combination of IIS+ASP+SQL.

1 comment:

The Famous Brett Watson said...

STAT Blog says that the threat has been overstated. The number of affected sites is much lower than reported, and most of the compromises are broken and ineffective.