How to Fend Off a New Kind of Cyber Attack

By Mikal E. Belicove|For|June 21, 2011

Welcome to your worst nightmare online. That business website you so painstakingly created, nurtured and made successful has just been poisoned in a nasty cyber attack. Known as Mass Meshing Injection, this type of attack attempts to overpower security measures aimed at detecting a previous type of cyber attack called Mass SQL Injection. Since the beginning of June, it’s affected thousands of business websites worldwide.

“In Mass SQL Injections, scripts or iframes are injected into innocent victim sites that cause the browser to load malicious content from the ‘redirectors,’ which are domains registered by the attacker,” Wayne Huang, chief technology officer at Armorize, wrote last week on the Web security firm’s Malware Blog.

“To defeat this,” Huang continues, “Mass Injection does the following: Every infected website contains a redirector script in the root directory; in this case it is example.js. This is an obfuscated script that will dynamically generate an iframe to the exploit server. It runs the BlackHole exploit and serves drive-by downloads.”

As a result, Huang writes, “Every infected website is injected, in their pages, with a script src tag pointing to another random infected website’s example.js.”

If all of that sounds like mumbo-jumbo, here’s a translation:

Continue reading How to Fend Off a New Kind of Cyber Attack