Mass Hack Hits 200,000 Web Pages

New exploit differs significantly from last week's ASP-oriented attacks, McAfee says



Another variation on a recent hacking theme: McAfee is reporting another mass attack on Websites, this one using JavaScript.

The new attack already has hit some 200,000 Web pages, mostly those using phpBB technology, McAfee's Avert Labs research arm reported in its blog.

After a long trend toward targeted exploits, hackers appear to have rediscovered the mass attack, researchers say. Two weeks ago, researcher Dancho Danchev reported a number of attacks on ZDnet sites via iFrame. Then last week, McAfee reported a mass attack that infected more than 10,000 Websites (See McAfee Warns of Mass Web Attack.)

The previous attacks targeted Active Server Pages (.ASP), but the new attacks focus on JavaScript and phpBB, McAfee said.

"The ASP attacks are different than the phpBB ones in that the payload and method are quite different," the blog stated. "Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering." The new attack can best be described as a Trojan, the company said.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service