back to article Drive-by download attack mows down thousands of websites

Miscreants are exploiting website vulnerabilities to booby-trap thousands of legitimate sites. The mass attack, thought to be the work of hackers based in China, hit between 2,000 and 10,000 Western servers at the end of last week alone, Russian net security firm Kaspersky Labs reports. Most of the hacked sites run Microsoft …


This topic is closed for new posts.
  1. Anonymous Hero
    Paris Hilton

    Lazy journalism...

    "Most of the hacked sites run Microsoft ASP technology and are thought to have been hit either using SQL injection attacks "

    John this is another attempt at lazy sensationalist journalism to put MS in the security spotlight for a security issue that can't actually be pinned on them for once. As a hoster we're seeing both ASP+MSSQL on Windows *AND* PHP+MySQL on Linux sites being targetted equally.

    Yet again you fail to mention that the reasons for sites being susceptable to these compromises is shoddy scripting practices by the web site developers, not a flaw in the technology.

    Paris, because she prefers the hot beef injection....

  2. Nexox Enigma

    Notorious, eh?

    "Notoriously wobbly" may be the best way that anyone has ever described ActiveX. Or anything at all.

    Writing like that is what keeps me coming back to El Reg. That and years of deeply engrained habit. But mostly it's the writing.

  3. Inachu


    This week I'll just use my home pc to just play the game and not browse the internet then.


    Bad hordehackers bad!

  4. BlueGreen

    blocking it

    It would have been good if you'd directly mentioned the sites in the kaspersky report in the main story, and recommended blocking them (hosts or whatever). So to quote therefrom:


    The link leads to Java Script located on one of six servers – these servers act as gateways for further redirecting of requests. We’ve identified six of these gateways and they’ve been added to the blacklist in our antivirus:







    If you’re an admin, you should block access to these sites.

    Visiting one of the sites results in a secret redirect to a malicious server called which is located in China. Exploits are then used to launch an attack on the user’s machine.


    Or noscript is spiffing. Shame idiot sites use scripting at all, innit?

    If anyone can help, why can't these things be blocked at the root dns level. I know it's not immediately effective as it takes time for the dns record (whatever it's called) to trickle down to non-root (whatever they're called) dns servers, but it's something, surely?

  5. Anonymous Coward

    "World of Warcraft login credentials"

    So, only the anoraks are affected then?

  6. Alistair

    Wrath of the Litch King indeed

    Gee -- guess the Gold Farmers are planning on uppin the ante in Litch King.

    have had our apps folks beaten up yet again over crap like this on our webservers - thankfully they've finally started to make progress on fixing cruft code.

    Helps when the auditors insist on independent vulnerability testing. Better when the testers note that the network and OS layer are just about as solid as can be.

    Now -- me n my Gentoo x86_64 and wine are off to eat some hordies in EOTS. And wait patiently for our midnight release copy ......

  7. Anonymous Coward
    Thumb Up


    Your name wins the thread.

  8. Turgut Kalfaoglu
    Gates Halo

    Using windows for serious work

    It's a big mistake to use Windows to do any "serious" work on the computer.

    With all its flaws, it's a matter of time before either their work is wiped, their mailboxes trashed (since most users use outlook express), and their computer hacked - and therefore their bank accounts cleaned.

  9. Anonymous Coward
    Thumb Up

    phishing for domain login details

    I had a new type of phishing email a couple of weeks ago which told me my domain site mailboxes were full, and asking me to login with my domain management login details. Looked very good - and made me think for a minute or two before I deleted it - I don't have mailboxes, only mail forwarding, and of course the headers and links were all wrong. I wonder if this was connected in any way with this article's content?

This topic is closed for new posts.

Other stories you might like