Code hidden in legitimate websites is now the weapon of choice being
used by cybercriminals to pass on malware to unsuspecting users, says
security firm Finjan.
Researchers at Finjan's Malicious Code Research Centre have
notified US media company CBS that one of its online pages has been
compromised in this way.
"The injected script then dynamically injects an
IFrame that pulls malware from a remote server located in
Russia," said Yuval Ben-Itzhak, Finjan's CTO.
Finjan has taken the criminal server offline, but the attack
confirms that code hidden in legitimate websites poses a serious
threat to internet users, he said.
According to Finjan, the use of obfuscated code, or code written in
such a way as to make it difficult to detect, is increasing.
Such code is effectively hidden in legitimate websites because
the way it is written obscures its function, and it bypasses
traditional signature-based malware detection methods.
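The gap between signature matching and decoded-content inspection can be shown on a constructed page. The Python sketch below is an added example, not code from Finjan or from the compromised site: the page, the `example.invalid` host and the choice of percent-encoding as the obfuscation are assumptions, and the check is a static audit heuristic rather than the behaviour-based technology the article refers to.

```python
import re
from urllib.parse import unquote

# Naive signature: the literal tag a content filter might look for.
SIGNATURE = re.compile(r"<iframe\b", re.I)
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
# Long runs of %XX escapes inside a script are an obfuscation indicator.
ENCODED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}){8,}")
SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
HIDDEN = re.compile(r"""(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none""", re.I)


def signature_scan(html):
    """Signature-style check: literal match on the raw page text."""
    return bool(SIGNATURE.search(html))


def audit(html):
    """Decode escaped runs in inline scripts, then look for injected iframes."""
    findings = []
    for body in SCRIPT.findall(html):
        for run in ENCODED_RUN.findall(body):
            decoded = unquote(run)
            if not SIGNATURE.search(decoded):
                continue
            src = SRC.search(decoded)
            findings.append({
                "src": src.group(1) if src else None,
                "hidden": bool(HIDDEN.search(decoded)),
            })
    return findings


# Constructed sample: an inert iframe tag, percent-encoded byte by byte.
_TAG = '<iframe src="http://malware.example.invalid/" width="0" height="0"></iframe>'
_ENCODED = "".join(f"%{b:02x}" for b in _TAG.encode())
OBFUSCATED_PAGE = (
    "<html><body><h1>News</h1>"
    f'<script>document.write(unescape("{_ENCODED}"));</script>'
    "</body></html>"
)
CLEAN_PAGE = '<html><body><script>var q = "hello%20world";</script></body></html>'

if __name__ == "__main__":
    print("signature hit:", signature_scan(OBFUSCATED_PAGE))
    for f in audit(OBFUSCATED_PAGE):
        print("decoded iframe:", f)
```

The raw-text signature misses the tag because it only exists after decoding; a site audit that decodes before matching reports the zero-size iframe and its remote source.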
The attack on the CBS website highlights that no website can be
totally secure against a system hack and consequent infection of
visitors' PCs, said Ben-Itzhak.
Finjan said all businesses should install a secure web gateway
to protect valuable data from being compromised by malware, and
should conduct regular malware detection audits.
All users are advised to exercise caution when visiting Web 2.0
enabled sites such as social networking sites and not to rely on
signature-based security software.
The best defence against this rapidly growing attack method is
to use proactive, behaviour-based IT security technology that
analyses every piece of content.