Tuesday, August 25, 2009

Infected websites on Google &Yahoo

We all (or at least the majority of us) use Google and Yahoo to search the Internet - "Just google for it" has become the answer to most questions that cannot be answered. This is something that many hackers are using now to infect computers with malware (virus, bots, worms, etc).

The latest case now has over 64 thousand (see pictures, click to enlarge) websites that contain a so called "Iframe" (a reference to another website in a section of the page, that gets displayed) which points to a web server that tries to infect your computer.

Nowadays googling for something and clicking on a search result can easily result in malware infections. Counting on your Anti-Virus/Spyware tools to catch the attack is a gamble that you might loose. Most of the sites use zero-day (or close to 0 day) exploits for browser vulnerabilities. Microsoft sometimes needs months to fix such issues.

On the other hand organizations need to show more due diligence in patching such holes. It is part of the TOC of your Internet presence.

Some background information:
Mass infection turns websites into exploit launch pads
Free Antivirus Software
A grim day for browser security at hacker contest

1SSA - Security Consulting, Training and Products