eWEEK.com
Back | eWEEK.com | Search
Security

MyWebsense
 
Already logged in? (Go to MyWebsense)Existing Users:E-mail address:Password:(Forgot password?)
 
Keep me logged in First time users:
Please request a login:E-mail address:
Buy & Renew Find A Channel Partner
 
Choose a Region:NAEMEACALAAPACEnglish (US) Regional Sites
 
Receive eWeek news alerts on your mobile device.
 
Get the latest breaking news with mobile-formatted article links.
 
Click here to subscribe
 
Choose a Region:English (US)ItalianoEnglish (AU)Português (Brasil)English (UK)DeutschEnglish (India)日本語Español (LatAm)中国 (simplified) Français中國 (traditional) Search Search
 
Websense.com
All Websense.com Security Labs Alerts
Security Labs Blog Virus Search
OtherKnowledge Base Search

Home Products Evaluate Partners Security Labs SupportSecurity LabsOverviewBlogsReport Malicious Activity Alerts Attack Information CenterSecurity Effectiveness CenterAboutQUICK LINKSContact Security labsSign up to receive security alertsReport Malicious ActivityInsights
 
Latest Security Trends
 
 State of Internet Security - Research Highlights for Q3-Q4 2008 »
Super Cyber Crime Podcast »
Alerts
 
BOOKMARK THIS ALERT digg |  del.icio.us |  reddit
 newsvine |  furl |  technorati
 
Mass Injection Compromises More than Twenty-Thousand Web Sites
 
Date:05.29.2009
 
Threat Type: Malicious Web Site / Malicious Code
 
Websense Security Labs™ Threatseeker™ Network has detected that a large compromise of legitimate Web sites is currently taking place around the globe. Thousands of legitimate Web sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site. The active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which provides statistical services to Web sites.
 
This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.
 
Screenshot of injected code in an injected site:
 
The exploit site is laden with various attacks. After successful exploitation, a malicious file is run on the exploited computer. The executed malware file has a very low AV detection rate. Websense® Messaging and Websense Web Security customers are protected against this attack. Subscribe to this feed »
About Us Careers Contact Us News Room Wireless --> Site Map Legal Information Privacy Policy©2009 Websense, Inc. All Rights Reserved.
 
 
eWeek | CIO Insight | Channel Insider | Baseline

 
© 2009 Ziff Davis Enterprise, Inc.
Mobilized by mDog.com