Web thieves rig thousands of pages in massive attack

McAfee, which first spotted the attack yesterday morning, says the objective is to hijack the PCs of unsuspecting web surfers, using web pages that have been modified to redirect visitors to malware-laden sites that then attempt to hack into their PCs without their knowledge. The organisation says that compromised web pages include pages on everyday sites, such as travel sites, government websites and hobbyist sites. “Often you hear warnings about not going to un-trusted sites,” comments Craig Schmugar, threat researcher at McAfee Avert Labs. “That is good advice, but it is not enough. Even sites you know can become compromised. You went to a place before that you trust, but that trust was violated through a vulnerability that was exploited.” Cyber-criminals are using automated attacks, he says, that include scanning the Internet for unsecured servers and planting a piece of JavaScript code that redirects to a site in China that in turn serves up the malware.