Websites hosted at Go Daddy under siege in mass injection attacks. Security researchers warn that Web sites hosted at Go Daddy have been targeted in mass injection attacks, that add rogue code to their pages and direct visitors to scareware.
This is the third wave of attacks in recent weeks affecting Websites hosted by the company. “As of 4 a..m. Pacific, November 3, we’ve received various reports of another related outbreak of exploited sites on GoDaddy,” researchers from Web integrity monitoring vendor Sucuri Security warn. The compromised sites get base64-encoded code added to all of their php files. When parsed, this code injects rogue JavaScript content into the resulting page. In addition to hitting Go Daddy, these attackers launched similar campaigns against other hosting companies around October 21.
Many of the external domains used in the attacks are registered under the name of Hilary Kneber, an alias associated with many cybercriminal operations, including the notorious ZeuS banking trojan. The malicious JavaScript code forces visitors’ browsers to load additional scripts from external domains, which in turn redirects them to pages displaying fake antivirus scans and pushing scareware.
Despite these attacks beginning the weekend of October 30 and 31, some of the rogue domains are still up and serving scareware. Sucuri has created a free clean-up script, which affected Web masters can download and execute.
Source: http://news.softpedia.com/news/Websites-Hosted-at-GoDaddy-Under-Siege-in-%20Mass-Injection-Attacks-164536.shtml
No comments:
Post a Comment