Report: Mass Injection Attack Affects 40,000 Websites

Exploit appears similar, but unrelated, to Gumblar, researchers say

Dark Reading Staff, Dark Reading

June 2, 2009


Researchers at Websense have discovered a mass injection attack that is redirecting Web browsers to a malware-bearing site.

According to a weekend report by researchers at Websense, thousands of legitimate Web sites have been found to be injected with malicious, obfuscated JavaScript code that leads to an active exploit site.

"The active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which provides statistical services to Web sites," the report says. "This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign."

The report indicates the exploit had infected some 20,000 sites, but researchers this afternoon told reporters the figure is now closer to 40,000.

Like Gumblar, the attack redirects users who conduct searches on popular Web sites and search terms. The browsers are routed through a statistical server and then on to the Beladen.net site, a well-known carrier of malware.

Websense researchers suspect the exploit might be driven by the Russian Business Network, which is the home of the first statistical site that users are redirected to.
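For site owners checking their own pages, the lookalike-domain trait the report describes can be audited with a short script. The following is an added example, not code from Websense or Dark Reading: it lists `<script src>` hosts that imitate google-analytics.com without being that domain. The sample page, the `.example` hosts, the function names and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT = "google-analytics.com"  # the domain the report says was imitated
# Constructed sample page; the .example hosts are invented placeholders.
SAMPLE = """<script src="http://www.google-analytics.com/ga.js"></script>
<script src="//g00gle-analytics.example/ga.js"></script>
<script src="https://google-analytics.com.cdn.example/x.js"></script>
<script src="/js/site.js"></script><script src="https://cdn.example/lib.js"></script>"""

class ScriptHosts(HTMLParser):
    """Collect the host of every <script src=...>; relative URLs have none."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src") or ""
            host = (urlparse(src).hostname or "").lower().rstrip(".")
            if host:
                self.hosts.append(host)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host, legit=LEGIT, max_dist=2):
    """True if host imitates legit without being legit or one of its subdomains."""
    if host == legit or host.endswith("." + legit):
        return False
    if legit in host:  # legitimate name embedded in an unrelated domain
        return True
    # Naive assumption: the second-to-last label is the registrable name
    # (wrong for suffixes such as co.uk; use a public-suffix list in practice).
    labels = host.split(".")
    name = labels[-2] if len(labels) > 1 else labels[0]
    return edit_distance(name, legit.split(".")[0]) <= max_dist

def suspicious_script_hosts(html):
    parser = ScriptHosts()
    parser.feed(html)
    return sorted({h for h in parser.hosts if is_lookalike(h)})

if __name__ == "__main__":
    print(suspicious_script_hosts(SAMPLE))
```

This only sees script tags present in the static HTML; obfuscated code that builds the tag at run time needs the page rendered or the script decoded first.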
