Exploit may track back to Fasthosts compromise, but security researchers warn of its difficulty to track and detect.
Many specialist UK websites have been used to spread a particularly difficult track form of malware that is capable of dynamically changing its code. The only thing to link the several hundred compromised sites, other than the fact that many of them are small UK-based retail outfits like a bicycle shop and speciality travel firm, is the fact that all their affected domains have, or had, a relationship with the UK's biggest web hosting company Fasthosts, according to the security researcher at ScanSafe who first spotted the attack. Fasthosts' systems called in the police to investigate a security breach in October last year that forced the provider to ask users to change their passwords.
View: Full Story @ IT Pro
Many specialist UK websites have been used to spread a particularly difficult track form of malware that is capable of dynamically changing its code. The only thing to link the several hundred compromised sites, other than the fact that many of them are small UK-based retail outfits like a bicycle shop and speciality travel firm, is the fact that all their affected domains have, or had, a relationship with the UK's biggest web hosting company Fasthosts, according to the security researcher at ScanSafe who first spotted the attack. Fasthosts' systems called in the police to investigate a security breach in October last year that forced the provider to ask users to change their passwords.
View: Full Story @ IT Pro
It sounds very much like the random JS rootkit thats going around atm, and It has nothing to do with Fasthosts as far as I can tell based on that a number of servers got infected and some of them never had anything to do with fasthosts.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.