Beware the innocent web site

PC World reported yesterday about the latest malicious attack on innocent websites (see Web Attack Worm Infecting Hapless Sites by Erik Larken). While this particular story is news, the concept is old - there is no safe neighborhood on the Internet.

The websites that have been infected with this particular brand of malicious software are, very likely, innocent bystanders. Their crime is simply being hosted in an environment with buggy or mis-configured software.

If you have your own website, EriK Larkin has an excellent suggestion, run a Google search on the entire site to look for this malware infection. Specifically, do a search like

    site:mywebsite.com winzipices.cn

Needless to say, replace "mywebsite.com" with the name of your website. It is important that there not be a space after the colon. Hopefully, as shown below, the search finds nothing.

To see infected websites, search for "winzipices.cn". However, do not visit any of these infected websites.

Alex Eckelberry, of Sunbelt Software (the company behind CounterSpy), has been writing recently about hacked websites at iPowerWeb. See Problems at iPowerWeb? and The iPowerWeb Chronicles: Problems persist. Yet, in early April, StopBadware said that iPowerWeb is much improved in terms of protecting the sites they host.

Not to pick on any particular hosting company, the important issue is that websites with no ill intentions, can still end up installing malicious software on your computer. And yes, Macs and Linux are safer from malware infestation, but not from the porn Alex turned up, and not from scams.

Shadowserver has more technical details on this latest exploit.

See a summary of all my Defensive Computing postings.