/>
X
Tech

Trend Micro sites hacked in global web attack

The security vendor has said its UK and Japanese sites were compromised as part of a wider attack involving over 165,000 sites
Written by Tom Espiner, Contributor

Security vendor Trend Micro has had two of it websites compromised.

Trend Micro discovered that its UK and Japanese sites were compromised on Wednesday, according to a spokesperson for the security vendor. The sites had malicious iFrames injected into their "virus encyclopaedia" pages, according to a Trend Micro spokesperson. iFrames are HTML tags which link to other websites.

Trend Micro's chief technology officer for internet content security, Dave Rand, told ZDNet.co.uk on Friday that the company was investigating the attack.

"It was an iFrame-injection attack, which redirected users to a malicious site," said Rand. "We're still in the process of working on the details of how, why and what."

Security vendor Sophos said in a blog post that users stood a chance of being infected with a Trojan downloader, although Trend Micro could not confirm that claim, as the incident was still under investigation.

However, according to Rand, this incident was part of a wider attack on websites around the world that was reported by security vendor McAfee on Thursday. Rand said that 165,000 websites "and counting" had been affected.

On Wednesday morning, McAfee Avert Labs detected over 10,000 web pages rigged to hijack web surfers' PCs. The web pages had been modified with code redirecting visitors to another website "laden with a malware cocktail" that attempted to break into the users' PCs, according to McAfee.

"The redirect and the attempted break-ins all happen unbeknownst to the web surfer," said a McAfee spokesperson.

Compromised pages were detected on the websites of bodies including travel, government and hobbyist organisations. McAfee said that the web pages were probably reprogrammed in an automated attack that included scanning the internet for unsecured servers, and then planting a piece of JavaScript code redirecting users to a site in China that served up the malware.

"The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer and other applications to break into the PC," said McAfee.

The blend of malware included a backdoor that allows installation of additional malicious programs and a keylogger for stealing online-gaming passwords.

"Cybercrooks have increasingly been targeting online gamers as items in virtual worlds, and characters in games have now got monetary value in the physical world," said McAfee.

Trend Micro's Rand said the attack on his company showed that "it's not possible to 100 percent secure any website today". Rand said it was likely that the incident had happened due to Trend allowing dynamically updated content to be executed on its site.

"This is indicative of the Web 2.0 phenomenon of allowing dynamically updated content on websites," said Rand. "In the act of doing multiple [search] queries, you can ask for certain information to be represented. Static sites don't allow search. As soon as you allow users to customise content, something bad can happen, as, essentially, you're allowing them to run code on the site."

Rand said that Trend Micro's site security was based on a mixture of using its own expertise and other security vendors' technologies. Rand added that none of Trend Micro's customers would have been affected by visiting the company's sites, as the vendor detects iFrame attacks.

Editorial standards