PC Infections Often Spread to Web Sites
Most people are familiar with the notion that a computer virus can be passed from PC to PC, but many folks would probably be surprised to learn that a sick PC can often pass its infection on to Web sites, too.
Some of the most pervasive malicious software circulating today (e.g., Virut) includes spreading capabilities that hark back to the file-infecting methods of the earliest viruses, which spread by making copies of themselves, or by inserting their code into other files on the host system.
Malware often modifies existing files on the victim's PC to maximize the chances that infected files will be shared with and downloaded onto new host systems. One of the most effective ways of doing that is for malware to inject copies of itself into all of the HTML files found on a victim's computer.
The end result could be this: If the victim is also responsible for maintaining a Web site, there is a good chance that any HTML files subsequently uploaded from the victim's PC to his or her Web site will also harbor copies of the malware. In most cases, the malware is little more than a script that silently redirects the visitor's browser to a malicious Web site, which in turn tries to install rogue software by attempting to exploit a kitchen sink full of known security flaws. Nevertheless, this approach can turn a single PC infection into a much larger problem.
Recently, attackers have been hacking into massive numbers of Web sites in a bid to stitch their exploit code into them. While some have been quick to blame those mass compromises on lazy system administrators who fail to keep their sites updated with the latest security patches, the folks over at StopBadware.org say they are seeing an uptick in reports of Web site break-ins that originated with a PC infection.
StopBadware says this particular malware spreading technique involves the automated theft and use of compromised FTP credentials from infected systems (I wrote about this activity in a recent post, The Scrap Value of a Hacked PC). From their advisory:
Specifically, the local malware seeks out saved usernames and passwords in popular FTP clients like CuteFTP and Filezilla and then uses the stolen information to upload modified code to the web server. This leads to a frustrating cycle for the unsuspecting website owner, who discovers bad code on his/her site, fixes the problem, and then finds the site infected again a day or two later.
StopBadware suggests that one easy way to prevent this from happening is to refrain from storing passwords in FTP client software. But this is also a reminder that if you find yourself in the unfortunate position of having to clean up a computer from a virus infection, it's always a good idea to scan any HTML code and scripts for sites you maintain to make sure you're not passing along the disease to the rest of the Internet.
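One way to run the post-cleanup scan suggested above (an added example, not code from the original post or from StopBadware): it flags script or iframe tags that load from hosts outside an allowlist, hidden iframes, and markup appended after the closing </html> tag. The allowlist contents, the heuristics and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts or frames from.
ALLOWED_HOSTS = {"www.example.org"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionScanner(HTMLParser):
    # Collects (line, reason) findings for one HTML document.
    def __init__(self):
        super().__init__()
        self.findings = []
        self.closed_html = False  # set once </html> has been seen

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe"):
            if self.closed_html:  # markup appended after the document end
                self.findings.append((line, f"<{tag}> after </html>"))
            host = urlparse(a.get("src", "")).hostname
            if host and host not in ALLOWED_HOSTS:
                self.findings.append((line, f"<{tag}> loads from {host}"))
        hidden = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tag == "iframe" and (hidden or HIDDEN_STYLE.search(a.get("style", ""))):
            self.findings.append((line, "hidden iframe"))

    def handle_endtag(self, tag):
        if tag == "html":
            self.closed_html = True

def scan_html(text):
    scanner = InjectionScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

def scan_tree(root):
    # Yield (path, line, reason) for each .htm/.html file under root.
    for path in Path(root).rglob("*.htm*"):
        for line, reason in scan_html(path.read_text(errors="replace")):
            yield path, line, reason

# Constructed sample: a clean page with a hidden iframe appended after it.
SAMPLE = """<html><head>
<script src="http://www.example.org/menu.js"></script>
</head><body><p>Welcome</p></body></html>
<iframe src="http://injected.invalid/in.php" width="1" height="1"></iframe>
"""
```

Run scan_tree over the local copy of the site before uploading it; a hit is a prompt to inspect the file, not proof of infection.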
Finally, if you have questions about security, privacy, or anything tech-related, please don't hesitate to drop them in the queue for Security Fix Live, a live online discussion that I'll be hosting at 11 a.m. ET tomorrow.
July 16, 2009; 4:43 PM ET
Categories: Latest Warnings, Safety Tips | Tags: pc infections, web sites