The United Nations and United Kingdom government Web sites have fallen victim to a widespread malware attack that have infected hundreds of thousands of legitimate sites worldwide.
Researchers at Websense Security Labs issued a security advisory on the company's Web site Tuesday warning users of the attack. Researchers first detected initial malware strains last week, however the amount of affected pages began to rise exponentially on Monday and Tuesday, Websense security experts said.
The attack is similar to many others that use legitimate Websites to distribute malware, experts say. This time, users visiting the infected sites will unknowingly download a malicious file that attempts to deliver a combination of eight different exploits with the intention of stealthily infiltrating machines and installing information stealing malware.
The latest attack against the U.N. and other well-trafficked sites reflects a growing trend in which attackers take advantage of vulnerabilities in security solutions, experts say. "Attackers are using good sites or sites with good reputations in order to infect users," said Dan Hubbard, VP of security research for Websense. "It's kind of an evolution from the attacker standpoint. They now have another good arsenal to infect people, along with the other ones."
"Obviously it's difficult to stop. People are used to visiting these sites," he added.
Hubbard said that the malware served from some of the high profile sites, such as the U.N. site, has already been sufficiently shut down. However, many other sites remain unaddressed and are continuing to distribute malicious payloads.
While experts are uncertain about the exact number of infected users, they maintain that the attack methodology relies on a numbers game. By injecting malicious code into hundreds of thousands of well-trafficked and legitimate Websites, attackers can guarantee that they'll acquire millions of potential victims before the attacks are discovered and eliminated.
Websense researchers say that the attack is similar to one that appeared at the beginning of the month which compromised thousands of Internet domains, including numerous high-profile US news and travel Websites. Researchers believe that the attackers have now switched over to a new domain as thie hub for hosting the malicious software.
"This is the third or fourth version of (the attack)," said Hubbard. "There's a little ebb and flow, but there's no consistent trend that you can predict for anything like this."
To protect themselves, experts recommend that businesses invest in a real-time solution that allows users to connect to sites that are considered safe -- a technique known as whitelisting.