Hundreds of thousands of hacked websites spreading scareware

1 April 2011

Using an automated SQL injection attack, criminals have embedded links to domains carrying scareware in hundreds of thousands of websites. In some cases, visitors to an infected website see an additional page that pretends to be anti-virus software and claims to have discovered an infection on the user's system.

What is not clear is how often the criminals succeeded in embedding the links so that they actually work. The scattergun approach taken by the SQL injection attack on the content databases of content management systems has meant that in many cases the links were placed in fields such as the title tag which are not interpreted when the page is displayed and are therefore never called. According to Websense, the URLs were also found in some URLs for iTunes podcasts, possibly via modifications to RSS feeds from the vendors in question. Here too the attack carries no threat, as the browser does not interpret the injected links. the rest

Mass 'scareware' attack hits 1.5M websites, still spreading