The attackers had compromised a series of pages which were then embedded with lists of popular search terms collected from services such as Google Trends or current news items. The same pages were then injected with obfuscated code that redirected to the attack page, which used fake alert boxes to convince the user to download and purchase the bogus security software for $50 (£34).
We've talked about compromised webpages on this blog before, and it's important to remember even well-known and trusted sites can be compromised. That's why it's important to make sure your end-users are browsing the web safely through a secure web gateway or proxy that has embedded URL blocking (that way they can get to the content they need without having to block the entire page), and scanning for malware and viruses. Equally important is real-time rating of URLs since risky sites are added daily to the world wide web.
No comments:
Post a Comment