Hackers have compromised as many as 40,000 legitimate web sites, infecting them with malicious JavaScript that ultimately redirects users to a malicious site, eWeek reports. Researchers at Websense are reporting a mass compromise. Although Websense would not name any of the compromised sites, researchers said the victims did not include any "big-name government or business sites." The compromised sites are redirecting users to typo-squatted misspellings of legitimate Google Analytics domains. From there, users are redirected to the malicious Beladen.net site.  "The Google Analytics site serves as a statistics keeper, and the Beladen site is used to host the exploits," said Stephan Chenette, manager of security research for Websense Security Labs. "It analyzes the end-user PC and attempts to exploit several different unpatched vulnerabilities. … If none of the unpatched vulnerabilities exist, it delivers a popup claiming that the PC is infected in an attempt to trick the user into installing rogue anti-virus software." Just how the legitimate web sites are being compromised is unclear, though Websense researchers speculate that it is a SQL injection issue…

Click here for the full story

About the Author:

eSchool News


Add your opinion to the discussion.