Javascript injection claims UN and UK government sites

Legitimate Web sites once again targeted in the mass browser attack.

A CNET Google search reveals sites still infected as of Tuesday noon.

Comparisons between two mass Javascript injection attacks suggest they may be related, according to a security company. The latest attack has compromised various sites including one United Nations and several UK government sites with links to malicious servers.

On Tuesday Websense reported seeing distinct similarities between attacks staged earlier this month and over the weekend. Specifically, they cite the use of the same tool to execute the attack being resident on the malicious server. Last summer various groups used the MPACK toolkit to propagate a similar series of Javascript injections.

Javascript injections are browser attacks and require no more effort than appending a script tag to the end of the URL. If a legitimate site is vulnerable to script injection, an attacker can add a script tag to the Web-facing page of the site so that subsequent views will automatically download whatever content is within the script tag. Often the script tag contains calls out to a malicious server.

A user need only stumble upon a compromised site to become infected. In this case, when viewing a compromised site, the injected Javascript loads a file named 1,js. The file is located on a malicious server, which then attempts to execute eight different exploits targeting Microsoft applications.

As of Tuesday, two other files named McAfee.htm and Yahoo,php were no longer active.

A quick review by CNET News.com found that travel and academic sites continue to host the injected Javascript code.

Tags:
Security
About the author

    As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

     

    ARTICLE DISCUSSION

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    Hot on CNET

    CNET's giving away a 3D printer

    Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.