22 January 2008
Readers will have probably read about the series of sites that have recently been compromised with something a little more sophisticated than the regular attack [1,2]. Over the past week or so, aside from ensuring the appropriate detections are in place, we have been trying to track down more information about the attack.
So what is it about these attacks that makes them sophisticated?
malicious content is served up apparently randomly - requested pages from a compromised web server will only sometimes contain the malicious script tag. In contrast to the bulk of kit-created attack sites, this attack does not appear to monitor the requesting IP address. Malicious content may be delivered multiple times to the same client.