Thousands of websites have been compromised with malicious code
Authored by a Symantec employee
Symantec has recently identified thousands of websites that have been compromised with malicious code, which is used to redirect users to a compromised website. Of the compromised websites, 75 percent were located in the U.S. An injection attack relies on injecting data into a website in order to execute malicious code. It is then triggered when a user browses to the compromised website.
Luckily, Symantec did not identify any malware associated with this attack.
The websites injected with this threat can be of any type and target a variety of organizations, including the following:
- Business websites
- .edu websites
- Government websites
Once a malicious page has loaded in the user’s browser, the script waits 10 seconds and then runs code, which in turn runs additional scripts. These scripts can be used to collect the following information:
- Page title
- URL page address displayed by the browser
- Referrer—so the attackers know how the user ended up on the current page and to possibly collect information about search term queries
- Shockwave Flash version
- User language
- Monitor resolution
- Host IP address
It is likely that the attacks are reconnaissance, which is when hackers perform research to learn more about targets and utilize that information in a future attack. Think of it as if the attackers have made a spider web, but nothing has been caught in the web- yet. This is likely a set-up for future attacks. The possibilities for future attacks include the delivery of advertisements, or criminals modifying code in order to deliver malware to unprotected users.
How to stay protected:
In this particular case, the only protection is current Internet security software. Luckily, Norton Security protects against this threat.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2019 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.