WebSense Alert: Large Chinese Sites Hosting Malware
Just clearing out some backlog caused by other obligations, but I wanted to mention this advisory by WebSense. There are, or were, a number of large and popular Chinese sites hosting links to exploits that take advantage of unpatched Microsoft systems. The malware that is subsequently downloaded is apparently designed to capture keystrokes, typically to steal account credentials (which is why things like one-time passwords are so important).
You may remember from last month that there was a fairly high-profile website compromise when the website for Dolphin Stadium was attacked to add a link to malicious JavaScript. In that case it ended up being caused by a SQL injection attack. This is just one of the many mechanisms by which attackers can cause otherwise legitimate sites (such as the Chinese sites from the WebSense alert) to begin hosting malware. The more popular the site, the more incentive people have to try to inject malware onto it.
