Report: Massive JavaScript Injection Attack Underway

LOS ANGELES – Computer security specialists Websense Security Labs have released details concerning a massive, malicious JavaScript injection attack that has compromised thousands of domains this month alone.

The incident follows a previous series of similar attacks last summer that also relied on JavaScript injection and used a similar toolkit to execute the attacks.

The total number of infected websites is estimated to be in the hundreds of thousands.

The infections are passed when a surfer visits a compromised website, whereupon the malicious code loads a file named 1.js which redirects visitors to a webpage named 1.htm which then launches eight different attacks on Microsoft applications, such as Internet Explorer installations that have not been patched against VML exploit MS07-004.

The malicious code caused further concern by referencing files named McAfee.htm and Yahoo.php, but those files seem to be no longer active.

The United Nations website, as well as those of the UK and Chinese governments has been successfully compromised by the current attackers, the Websense report claims, which also cites previous successful attacks on US-based news websites, an Israeli e-commerce portal, and many travel sites.

The attackers are defying attempts to thwart their assaults by switching the domains from which the attacks are launched.

Further concerns have been reported by SecuriTeam’s Tim Brown who claims that these attacks do not require JavaScript or the <script> tag to perform a successful injection and that once the attack succeeds, AJAX offers other avenues of attack that would succeed even on systems that had JavaScript disabled.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

LaBellaDX Launches New Site Through YourPaysitePartner

Content creator LaBellaDX has launched her new official website through YourPaysitePartner (YPP).

Clip Page Launches 'Creator Analytics' Feature

Custom content marketplace Clip Page has launched the Creator Analytics feature on its platform.

BBWXXXAdventures Relaunches Through Grooby's Blue.xxx

Paysite BBWXXXAdventures has relaunched under Grooby's new website management company Blue.xxx.

Flirt4Free Announces 'Tease the Season' Holiday Contest

Flirt4Free has announced its Tease the Season promo and model contest, which will run Dec. 21-25.The competition is led by the return of the Snowflake Contest, where models can be gifted digital snowflakes by their fans. The models who collect the most snowflakes by 11:59 a.m. on Christmas Day will win cash prizes.

SWR Data Publishes 2024 'Top Creator Platforms' Report

Adult industry market research firm SWR Data has published a report on the Top Creator Platforms of 2024.

MintStars Joins Pineapple Support as Supporter-Level Sponsor

Content platform MintStars has joined the ranks of over 60 adult businesses and organizations committing funds and resources to Pineapple Support.

Politicians Aim to Study Effects of FOSTA-SESTA on Sex Workers

In an encouraging sign for sex workers, California State Representative Ro Khanna and U.S. Senator Elizabeth Warren of Massachusetts have reintroduced the SAFE SEX Workers Study Act, which aims to study the effects of FOSTA-SESTA.

Pornhub to Shut Down Access in Florida Over Age Verification

Aylo will geoblock Pornhub across Florida starting Jan. 1, when HB 3, the state's age verification law, goes into effect.

AEBN Publishes Popular Searches by Country for October, November

AEBN has released the list of popular searches from its straight and gay theaters by country in October and November.

Jacquie et Michel Acquired by 'International Fund'

French adult studio Jacquie et Michel has been acquired by an international fund, marking a significant development for the well-known brand.

Show More