Mailinglist Archive

Legitimate sites serving up stealthy attacks
Robert Lemos, SecurityFocus 2008-01-14

The attack, dubbed the "Random JS toolkit" by the security firm,
currently uses dozens of hosting servers and more than 10,000
legitimate domains to attempt to exploit the systems of visitors to
the sites, the company said in an analysis posted to its Web site. The
compromised sites host the malicious code -- foregoing the iframe
redirect that has increasingly been used by attackers -- and serves up
the attack to each visitor only once using a random file name each
time. The two techniques, along with more traditional code
obfuscation, makes the attack difficult to find, said Yuval
Ben-Itzhak, chief technology officer for Finjan.

http://www.securityfocus.com/news/11501?ref=rss