WMF Infected Site Examples

Date:01.02.2006

Threat Type: Informational Alert

Websense Security Labs (TM) is actively tracking websites that attempt to infect machines without any end-user intervention by simply visiting a site. Currently there are two types of sites. The first are sites that have been setup by the attackers in order to infect users. In most cases these sites require a lure (such as an email or Instant Message) in order to attract users. These are mostly registered with fraudulent registration detail.

The second are sites which have been compromised. The below examples screenshots are of sites that appear to have been compromised and that by simply visiting them with a computer running the Windows you can be infected.

As you can see the sites are geographically diverse. We have discovered sites in the United States, Russia, Netherlands, the United Kingdom, China, and Japan.

We have also included a screenshot of the behavior of a Unix machine (running Knoppix) and Firefox.

Knoppix behavior upon visiting an infected site:

Infected sites screenshots: