Web Reconnaissance Attack Infects 3,500 Websites, Possibly WordPress

[steven36]

Attackers are adding unauthorized code at the top of infected websites, over 3,500 sites already infected

 

Alarms are ringing in Symantec's offices, as its research team has discovered a massive Web injection campaign that's currently infecting Web servers around the Internet.

According to telemetry data received from Symantec security products, the company's staff has identified a common pattern in the source code of many websites.

Since the beginning of the year, unknown attackers have started adding the same piece of JavaScript code to multiple websites that should not be connected in any way.

Symantec estimates this number to be around 3,500, with over 75% hosted in the US, and the rest in India, the UK, Italy, Japan, France, Canada, Russia, Brazil, and Australia. Most of the infected websites belong to private businesses, educational institutes, and government websites.

Automated scripts help attackers exploit the infected sites

"More than likely the attackers are using automated scripts to scan these websites so they can automatically exploit bugs and possibly inject malicious HTML code into the vulnerable sites," explained Christian Tripputi, Security Response Manager for Symantec.

The unauthorized code added at the top of the websites is not malicious, but Symantec says it's collecting private data on visitors, like user IP, page title, page URL, URL referral, Flash version, user language settings, and screen resolution.

The most simple explanation is that attackers are currently in the attack's early stage where they're collecting data on website visitors, which they will later use to select the appropriate attack type for each infected site's visitors base.

It would be extremely easy for attackers to replace the current unauthorized code with something more malicious that redirects users to an exploit kit, and from there, deliver banking trojans, adware or ransomware.

Is WordPress the victim?

Symantec said that the unauthorized code exploited only one "common content management system." In Symantec's security advisory, the company mentioned WordPress, but we could not determine if it was used as an example or WordPress was referred to specifically because of this current campaign.

Taking into account the huge collection of security vulnerabilities available in past WordPress cores, plugins, and custom themes, along with the fact that the WordPress market is still very much fragmented, the CMS does look like the prime subject. Being used on more than a quarter of the Internet also makes WordPress an attractive target for hackers.

Softpedia has contacted Symantec for more details and to confirm our WordPress suspicion.

 

 

Detection timeline for this mass Web injection campaign

 

 

More Info on This Can Be Found Here

https://community.norton.com/en/blogs/norton-protection-blog/thousands-websites-have-been-compromised-malicious-code

 

The Source

[Kalju]

Completely understandable, Norton's reputation has been quite a number of years very low.
The time has come to make an aggressive advertising.

[steven36]

1 hour ago, Kalju said:

Completely understandable, Norton's reputation has been quite a number of years is very low.
The time has come to make an aggressive advertising.

You dont got nothing better to do but troll  a company  when they find a serious issue like this?

 

You could say  that all paid anti-malware vendors have very low sales in reality  if you look at the martshare but Norton sells more better than rest of them paid ones .But the world mostly installs free anti-malware

https://www.opswat.com/resources/reports/antivirus-and-compromised-device-january-2015#antivirus-vendor-market-share

https://www.opswat.com/resources/reports/antivirus-and-compromised-device-january-2015#antivirus-product-market-share

http://www.statista.com/statistics/271048/market-share-held-by-antivirus-vendors-for-windows-systems/

 

I'm  not a Norton user myself  ive not used it since the early 2000s  but in Dennis Technology Labs test  they scored good ,  were Ive not tested it personally in many years  I'm not qualified to pass judgment on it ether way.

 

Symantec Norton Security with Backup  made  #1  in this review of 15 antivirus

http://www.pcadvisor.co.uk/test-centre/security/best-antivirus-for-pc-laptop-2016-uk-free-summary-3263332/

     We buy kaspersky Kis at my home we only get 3 pcs  with the key . Norton gives you 10 devices for like $10  less than KIS when you buy it. sounds to be the best buy for you're buck .

Quote

 

One of the best-known companies in the antivirus market, Symantec Norton has still got it. Norton Security with Backup offers 10 licences, covering all your devices, be they PCs or Macs, laptops, smartphones or tablets.

 

 

[straycat19]

steven36

 

Totally agree with your comments.  Having purchased Norton, KIS, and Bitdefender for testing, though they all perform well, Norton is the best bang for the buck.  I have had Norton on my wife's computer for years and it has protected her well, being she isn't computer literate.  After testing, we chose Norton Endpoint Protection for our corporate use.  This after having McAfee and Microsoft Security Essentials fail miserably in protecting our systems.  People without any credentials what-so-ever always want to chime in with their useless opinions based on nothing because they know nothing.

[Holmes]

I have seen test's where norton scored better then it used to mcafee and microsoft security essentials doesnt surprise me.  In two thousand fifteen norton kaspersky and bitdefender scored perfect scores on avtest.  I have had my suspicion that maybe norton is just getting better I wanted to believe test results are paid for I used to use norton antivirus back in late nineties early two thousands as a matter of fact I have a norton three point zero box unopened in my garage (its three point zero or four point zero).  I looked on Virus Bulletin doesnt have any tests results for norton and norton declined testing in two thousand twelve for av comparatives Im thinking they just werent ready.  The latest test's from dennis technology labs show the most accurate products are norton security kaspersky and ESET (ESET's anti-rootkit didnt used to be very good at all I dont know if they improved that or not).  Based on that last statement stray you sounded grouchy when you posted it lawls.  For your information I dont think he was trolling the company you perceived the statement incorrectly.

[VileTouch]

44 minutes ago, Holmes said:

I have seen test's where norton scored better then it used to mcafee and microsoft security essentials doesnt surprise me.  In two thousand fifteen norton kaspersky and bitdefender scored perfect scores on avtest.  I have had my suspicion that maybe norton is just getting better I wanted to believe test results are paid for I used to use norton antivirus back in late nineties early two thousands as a matter of fact I have a norton three point zero box unopened in my garage (its three point zero or four point zero).  I looked on Virus Bulletin doesnt have any tests results for norton and norton declined testing in two thousand twelve for av comparatives Im thinking they just werent ready.  The latest test's from dennis technology labs show the most accurate products are norton security kaspersky and ESET (ESET's anti-rootkit didnt used to be very good at all I dont know if they improved that or not).  Based on that last statement stray you sounded grouchy when you posted it lawls.  For your information I dont think he was trolling the company you perceived the statement incorrectly.

yes, norton used to be good until 2003. then again, times were different. mcaffee used to be good until 1998

[steven36]

46 minutes ago, VileTouch said:

yes, norton used to be good until 2003. then again, times were different. mcaffee used to be good until 1998

Since I got off windows XP in 2010 . I have very little issues regardless of what anti-malware  i use except for false positives  , I find AV software to be more of a nuisance  than a help for like 5 years . That's why i just use NOD32 v8 on windows very little false positives   and run scans with on demand programs from time to time and i always come up clean . Its just there just in case.

[Reefa]

As i have said before my opinion is every AV no matter what you use ain't gonna catch Zero days by the time your AV has updated a thousand more will emerge..It really is that simple ..Norton AVG Avast Eset it really doesn't matter..You the user needs to no the score..

[steven36]

Just now, F3dupsk1Nup said:

As i have said before my opinion is every AV no matter what you use ain't gonna catch Zero days by the time your AV has updated a thousand more will emerge..It really is that simple ..Norton AVG Avast Eset it really doesn't matter..You the user needs to no the score..

Yep my ad blocker,  script blocker , turning off flash,  when i dont need it,  etc are more important to me than any antivirus at all . Good habits ..After all over half  the time I'm on Linux ruining  nothing but a firewall and my browser security  .

[Reefa]

9 minutes ago, steven36 said:

Yep my ad blocker,  script blocker , turning off flash,  when i dont need it,  etc are more important to me than any antivirus at all . Good habits ..After all over half  the time I'm on Linux ruining  nothing but a firewall and my browser security  .

 Mate i only now use Ublock coupled with Bluehell FW.And a few scripts..Simply because My only worry is malvertising

And that is simply cause i like to watch streams..

[steven36]

1 minute ago, F3dupsk1Nup said:

 Mate i only now use Ublock coupled with Bluehell FW.And a few scripts..Simply because My only worry is malvertising

I block all cookies  to sites i dont sign into with cookie controller  , ublock origin , policeman , canvas blocker  and use some user scripts to prevent cross site hijacking and malvertising .

[Reefa]

Peeps you should listen to this fellow @steven36..If you worry About security..

[VileTouch]

1 hour ago, steven36 said:

I block all cookies  to sites i dont sign into with cookie controller  , ublock origin , policeman , canvas blocker  and use some user scripts to prevent cross site hijacking and malvertising .

not sure if your battery of addons allows  that, but Self Destructing Cookies allow cookies normally until the tab is closed. makes things work correctly while preventing any kind of cross site shenanigans.

[steven36]

43 minutes ago, VileTouch said:

not sure if your battery of addons allows  that, but Self Destructing Cookies allow cookies normally until the tab is closed. makes things work correctly while preventing any kind of cross site shenanigans.

I tired that addon  way back there  but  I rather  block all cookies by default  its really easy for me to  only to allow cookies 1st party only  on the sites  i sign in too With Cookie Controller .

 

Also I use this

Quote

 

Deleting Evercookies

Firefox settings

Within Firefox (or other browsers) you should enable a few options.

Go into your settings -> privacy and enable "Clear history when Firefox closes" and click on the extra button next to it. There you should enable at least "Cache" and "Cookies".

This will get rid of the cookieData, pngData, etagData and cacheData.

http://phersung.blogspot.nl/2013/06/how-to-defeat-evercookie-in-firefox.html

And i use this addon to delete lsos

https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/versions/

 

 

 

[Holmes]

I use firefox with noscript ghostery and adblock plus and I use malwarebytes anti-exxxploit premium for exploits and trend micros rubotted and keyscrambler premium for keyloggers Im content and im good Im fine.  I havent listed most of my toolkit (I can say there is like fifteen tools maybe twenty Ill post the names of the tools later) I use lawls.

[rahull]

6 hours ago, Holmes said:

I use firefox with noscript ghostery and adblock plus and I use malwarebytes anti-exxxploit premium for exploits and trend micros rubotted and keyscrambler premium for keyloggers Im content and im good Im fine.  I havent listed most of my toolkit (I can say there is like fifteen tools maybe twenty Ill post the names of the tools later) I use lawls.

Thats a lot man....you made solid defence arrangment...;)i use malware anti exploit and eset  ss and ublock origin.......