IFRAMES Attack !!!

Nowadays it is usually taken for granted that we can only get infected if we visit malicious websites or run files from untrustworthy sources. Lately, however, we have detected several cases in which vulnerabilities in web servers were exploited to introduce malicious code into the websites hosted on them.

Therefore, we might come across trustworthy websites which contain malicious code introduced by a cyber-crook.

The following is one piece of code we found introduced in certain websites:

[Image: Iframe]

It must be noted that, up to now, approximately 282,000 websites contain this piece of code.

This malicious script, known as an iframe, contains instructions that are interpreted by the browser, redirecting it to another website or to the download of a malicious file.

The instructions it contains are the following:

In this particular case, the user will be redirected transparently to a URL which will check if our system is protected against certain vulnerabilities. If any vulnerability is found, our computer will get infected with malware.

These are some of the vulnerabilities exploited to install malware in our computer:

MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution

MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution

MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution

MS07-033 Cumulative Security Update for Internet Explorer

MS07-055 Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution

This implies that in spite of browsing through safe websites, we can come across legitimate web pages whose code has been previously modified in order to infect our computer.

That’s why we recommend that you check for updates to your operating system.
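For site owners, the following added example (not code from the original post) audits a page's HTML for iframes that are both invisible and loaded from a host other than the site's own. The invisibility heuristics, the `audit` function name and the sample hostnames are assumptions, since the injected snippet itself is not reproduced on this page.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics (assumptions, not taken from the post): an injected iframe is
# usually invisible and points at a host that is not part of the site.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class IframeAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        host = urlparse(src).hostname or ""   # empty for relative URLs
        reasons = []
        dims = (a.get("width", "").strip().lower(),
                a.get("height", "").strip().lower())
        if dims[0] in TINY or dims[1] in TINY:
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        external = bool(host) and host != self.site_host \
            and not host.endswith("." + self.site_host)
        # Report only frames that are off-site AND invisible to the visitor.
        if external and reasons:
            reasons.append("external host " + host)
            self.findings.append((self.getpos()[0], src, reasons))

def audit(html, site_host):
    """Return (line, src, reasons) for each suspicious iframe in html."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="http://www.shop.example/map.html" width="400" height="300"></iframe>
<iframe src="http://video.partner.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://cdn.tracker.invalid/in.php" width="1" height="1" style="visibility: hidden"></iframe>
<iframe src="//ads.invalid/x" style="display:none"></iframe>
</body></html>"""
```

Calling `audit(SAMPLE, "shop.example")` reports the last two frames and ignores both the site's own frame and the visible third-party embed; running it over every served page after each deployment helps catch unexpected modifications.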

Posted under Malware Alerts

This post was written by Ted on April 25, 2008


Microsoft Security Advisory (950627): Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution - 3/21/2008

Revision Note: Advisory published.

Advisory Summary: Microsoft is investigating new public reports of limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word. Customers running Windows Server 2003 Service Pack 2, Vista, and Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue. Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks.

Posted under Microsoft Security Alerts

This post was written by Ted on April 25, 2008
