Thursday, January 29, 2009

Injection Attacks Continue

In my line of work I come across websites that have been hacked and code is injected leading to a website loaded with malware ready to take advantage of people who don't patch their PC's. Today was the website executivehomemaker.com. Hidden inside this legitimate site is a redirect to hxxp://iwdown.com/inc/e.js. A site hosted in China.

This is just another in a long line of sites with vulnerabilities that allow the bad guys to take advantage of the casual surfers. They don't patch, they probably click on links in spam e-mails and on and on. My last search on the iwdown site shows 135,000 sites with these injections. Click here an see the search results.

Stay safe and have a fabulous weekend and ROCK CHALK JAYHAWK!

2 comments:

a vietnamese said...

my site is also infected by iwdown/inc/e.js. How to solve this problem?

Brice Smith said...

Well you can remove the code that was injected from your web app. Now for the hard part for you, you need to find out what enabled the bad guys to inject the code into your app. There are tools that you can run against your web app like Nessus that will check your application for vulnerabilities. Once identified, you can probably find information on the Internet to fix it. You just have to have some kind of scanner to review your web app with.