According to an article over on ComputerWorld
quoting Internet security firm Websense
, a large number of websites have fallen prey to the attack – and are attempting to infect the PCs of visitors.
This malware is somewhat smarter than average, however: should the automated infection process fail – as would be expected on a fully-patched system – the site displays a warning that the PC is infected with malware which, amazingly enough, the site is able to cure if you would just download a free little program...
The root domain hosting the malicious code is hosted in the Ukraine, favourite hiding place of the criminal gang the Russian Business Network – a group which was thought to have dissolved some months back.
Although the initial infection vector is not known, it's thought that the 40,000 affected hosts were compromised by the traditional method: SQL injection attacks. The sheer volume of websites affected by the attack points to an automated system, rather than targeted attacks by individual crackers.
As usual, the advice is to ensure that you keep your system – and especially your browser – up to date in order to protect yourself from these threats. Firefox users can also make use of the NoScript
addon – although this doesn't protect the gullible from the social engineering aspect of the attack.
Have you noticed any dodgy-looking 'Google' pages trying to convince you to download suspicious software, or is 40,000 infected sites merely a drop in the ocean and nothing to worry about? Share your thoughts over in the forums