Internet media company media-servers.net is the latest victim
of a large-scale malicious code injection campaign by hackers, says
security firm Websense.
"It is important to note that media-servers.net serves
advertising content from ad.media-servers.net, and that this site
is clean," said a
security alert.
Thousands of legitimate websites have been compromised in the
attack, which Websense Security Labs has tracked for months.
The researchers found that visitors to compromised websites
unwittingly run an autoloading script as soon as the page is
loaded.
This script runs a series of exploit code that targets
vulnerabilities in several earlier versions of certain Microsoft
utilities and Adobe software.
If the browser of a user's unpatched computer is exploited
successfully, a malicious file is downloaded and run in the user's
Windows home directory.
The malicious file has an extremely low anti-virus detection
rate, according to the Websense researchers.
"Only
two of forty anti-virus companies currently detect the
malicious file once downloaded, said Carl Leonard, Websense
Security Labs manager.
Security experts advise that
real-time malware detection systems are likely to be much more
effective against these kinds of attack than traditional
anti-virus software.