Security researchers at McAfee have uncovered one of the biggest attacks of its kind to date, with some 10,000 web pages which had been rigged to entrap unsuspecting visitors.
Although the infected web pages look the same as they always did, under the hood the cyber-crooks had added some redirection JavaScript code to drive them to an invisible attack launched from China-based servers according to McAfee Avert Labs. Upon successful redirection, the exploit will install a password-stealing program on the user's computer.
A variety of web pages were found to have been compromised, including travel, government and hobbyist sites. "Often you hear warnings about not going to un-trusted sites," said Craig Schmugar, threat researcher at McAfee Avert Labs. "That is good advice, but it is not enough. Even sites you know can become compromised. You went to a place before that you trust, but that trust was violated through a vulnerability that was exploited."