McAfee Warns of Mass Web AttackMcAfee Warns of Mass Web Attack
At least 10,000 pages affected, researchers warn
March 13, 2008

McAfee has uncovered a script injection attack on some 10,000 Web pages, apparently designed to help attackers steal passwords from online gamers.
"This attack involves injection of script into valid Web page to include a reference to a malicious .JS file (sometimes in the body, other times in the title section)," said McAfee's Avert Labs in a blog. "The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several [existing] vulnerabilities."
"This is one of those cascading threats, where one page leads to another and another, which leads to an executable, which leads to another and another," McAfee said. "At least one of the payload Trojans targets online gamers."
The attack appears to emanate from China, according to McAfee.
The approach is similar to the attack that hit the Miami Dolphins and Dolphins Stadium before the Super Bowl, McAfee says. The Web pages appear to be unaltered, but the attackers inject a small amount of code that redirects the browser to a malicious site.
The site then loads a password-stealing Trojan on the user's machine that can find passwords to popular online games, McAfee says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023What's In Your Cloud?
Nov 30, 2023