Patch/Configuration Management, Vulnerability Management

JavaScript malware infecting various websites

Dozens of unrelated websites contain malicious scripts that attempt to infect users' machines with malware, security experts said today.

The reports come two days after the highly trafficked website for Dolphin Stadium, host of today's Super Bowl, was infected with a JavaScript-enabled keylogging trojan that took advantage of two previously patched Microsoft vulnerabilities.

In a blog post today, Marcus Sachs, director of the SANS Internet Storm Center, listed about 50 sites that contain the malicious pointers.

He urged system administrators to block network traffic to the sites until it can be confirmed they are free of malware. Users can be infected simply by visiting the websites.

Mikko Hypponen, chief research officer at F-Secure, said some of the hacked sites relate to the Super Bowl.

Sachs, meanwhile, reported that a number of attacks are targeting hospital or medical care sites.

Click here to email reporter Dan Kaplan.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.