Authored by a Symantec employee

 

Symantec has recently identified thousands of websites that have been compromised with malicious code, which is used to redirect users to a compromised website. Of the compromised websites, 75 percent were located in the U.S. An injection attack relies on injecting data into a website in order to execute malicious code. It is then triggered when a user browses to the compromised website.

Luckily, Symantec did not identify any malware associated with this attack.

The websites injected with this threat can be of any type and target a variety of organizations, including the following:

  • Business websites
  • .edu websites
  • Government websites

Once a malicious page has loaded in the user’s browser, the script waits 10 seconds and then runs code, which in turn runs additional scripts. These scripts can be used to collect the following information:

  • Page title
  • URL page address displayed by the browser
  • Referrer—so the attackers know how the user ended up on the current page and to possibly collect information about search term queries
  • Shockwave Flash version
  • User language
  • Monitor resolution
  • Host IP address

It is likely that the attacks are reconnaissance, which is when hackers perform research to learn more about targets and utilize that information in a future attack. Think of it as if the attackers have made a spider web, but nothing has been caught in the web- yet. This is likely a set-up for future attacks. The possibilities for future attacks include the delivery of advertisements, or criminals modifying code in order to deliver malware to unprotected users.

How to stay protected:

In this particular case, the only protection is current Internet security software. Luckily, Norton Security protects against this threat.


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.