Security researchers have recently discovered hackers redirecting users to thousands of newly infected websites through fake web pages.
According to Websense, a security vendor, an astonishing 40,000 or more websites have recently been hacked to redirect computer users to other web pages in an attempt to infect PC's with malware.
The websites that users land on from this attack have likely been hacked through an SQL injection attack or via FTP credentials that may have been stolen. The theft of FTP credentials reminds us of the Gumblar attack but researchers suspect that this incident is not related to Gumblar.
Hackers may be using automated tools to carry find and infect vulnerable websites. One of the latest campaigns similar to this one reveals that infected sites are testing to see if a particular PC has software vulnerabilities within applications such as Firefox and Internet Explorer which can be exploited to download malware.
As of now it is not certain what the attackers are doing with this infection. Could it be possible that they will gain control of the compromised systems to carry out illegal actions or configure them to send out spam messages to thousands of recipients? Is it likely that we may have stumbled upon a copy-cat group that seeks out to reproduce the same actions as Gumblar? Only time will tell unfortunately.