Hackers contaminate thousands of websites
By Dave Nixon
March 13, 2008
Hackers have hit more than 10,000 web pages in an effort to steal passwords used in online games.
McAfee researchers initially detected the attack, which appears to originate in China, yesterday morning. Within hours, the security company had tracked more than 10,000 web pages.
McAfee isn’t certain how so many sites have been hacked, but suspects some type of automation. Previously, attackers have used search engines to comb the Internet for vulnerable websites and then written automated tools to inundate them with attacks, which eventually let criminals use legitimate sites to serve up their malicious code.
The compromised sites look no different than before, but the attackers have added a small fragment of JavaScript code that redirects visitors’ browsers to an undetectable attack launched from the China-based servers. The same technique was used a year ago, when attackers compromised the websites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl football game.
The attack code exploits bugs that have previously been patched, so users whose software is current are not at risk. Nonetheless, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.
If the code is successful, it then installs a password-stealing program on the victim’s computer that looks for passwords for a number of online games, including the Lord of the Rings Online.
These online game passwords are a popular hacker target, partly because numerous online gaming resources can be stolen and then sold for cash.

