Home > Documents > Security Alerts > 2009 > Malicious JavaScript injection attacks are on the rise

Malicious JavaScript injection attacks are on the rise 


 

                                                   JPCERT-AT-2009-0010
                                                             JPCERT/CC
                                                            2009-05-19

                  <<< JPCERT/CC Alert 2009-05-19 >>>

         Malicious JavaScript injection attacks are on the rise

             http://www.jpcert.or.jp/at/2009/at090010.txt


I. Overview

  JPCERT/CC has received information that legitimate websites injected
with malicious Javascript have recently been increasing in number.
Users visiting such sites are redirected to a third party site where
they may possibly be infected with malicious software.
  
  According to US-CERT, such attacks have targeted vulnerabilities in
such software as Adobe Flash, Adobe Acrobat and Adobe Reader.
Additionally, the malware installed by a successful attack attempts to
steal FTP passwords.  If a stolen FTP account has access to files
containing web site code, this code will also be injected with
malicious Javascript with the aim of infecting users to that site
also.

    US-CERT Current Activity
    Gumblar Malware Exploit Circulating
    http://www.us-cert.gov/current/archive/2009/05/18/archive.html#gumblar_malware_attack_circulating


II. Solution

  The following actions will reduce the risk of compromise:
  
  - Ensure that you are running the latest version of Adobe Flash,
    Adobe Acrobat and Adobe Reader
  - Run an anti-virus product updated with the latest virus definition
    files

  To protect yourself against similar attacks in the future, always
ensure that you are running the latest version of all software installed on your system.


III. References

    US-CERT Current Activity
    Gumblar Malware Exploit Circulating
    http://www.us-cert.gov/current/archive/2009/05/18/archive.html#gumblar_malware_attack_circulating

    Sophos
    Troj/JSRedir-R
    http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirr.html

    Adobe Flash Player version tester
    http://kb2.adobe.com/cps/155/tn_15507.html

    Adobe.com
    New downloads
    http://www.adobe.com/support/downloads/new.jsp


  If you have any information you could provide regarding this alert,
please contact us.


======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
Top