News

New malware ducks most AV, warns Websense

Warwick Ashford

Internet media company media-servers.net is the latest victim of a large-scale malicious code injection campaign by hackers, says security firm Websense.

"It is important to note that media-servers.net serves advertising content from ad.media-servers.net, and that this site is clean," said a security alert.

Thousands of legitimate websites have been compromised in the attack, which Websense Security Labs has tracked for months.

The researchers found that visitors to compromised websites unwittingly run an autoloading script as soon as the page is loaded.

This script runs a series of exploit code that targets vulnerabilities in several earlier versions of certain Microsoft utilities and Adobe software.

If the browser of a user's unpatched computer is exploited successfully, a malicious file is downloaded and run in the user's Windows home directory.

The malicious file has an extremely low anti-virus detection rate, according to the Websense researchers.

"Only two of forty anti-virus companies currently detect the malicious file once downloaded, said Carl Leonard, Websense Security Labs manager.

Security experts advise that real-time malware detection systems are likely to be much more effective against these kinds of attack than traditional anti-virus software.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy