Jump to content


Photo

Malware injected into legitimate JavaScript code on legitimate websites

JavaScript

  • Please log in to reply
No replies to this topic

#1 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 February 2013 - 06:36 PM

Malware injected into legitimate JavaScript code on legitimate websites

 

As recently mentioned in the Sophos Security Threat Report, 80% of the websites where we detect malicious content are innocent sites that have been hacked.

A trend that we have observed is that hackers will insert their malicious code into legitimate JavaScript (not to be mixed up with Java!) hosted on the website.

The JavaScript is automatically loaded by the HTML webpages and inherits the reputation of the main site and the legitimate JavaScript.

In other words, if a user's anti-virus software did display an alert about malicious content, it might be shrugged off as a false positive and blamed on an unreliable detection of a legitimate piece of JavaScript code.

Recently SophosLabs has seen a flurry of detections of Troj/Iframe-JG on legitimate websites, including:

  • Primary School websites in England
  • Small community websites in Italy
  • A nightclub website in London
  • The website of an East African nation's TV company
  • The website of trade association of Financial Advisors in the US

One affected website that I tried to contact was that belonging to the headphone manufacturers Fanny Wang....


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of UNITE
Support SpywareInfo Forum - click the button