Wednesday, 21 May 2008

Warning - Malware Attacks on 327,000 Asian Websites (Including Sites in Singapore)

Over the last two weeks, there is a good chance that you have exposed your computer to virsuses or malicious software without even knowing it. If you visited websites such as listings.com.sg in the last two weeks, you were probably exposed.

The information technology security firm 'F-Secure' reported that up to ten local Singaporean websites have recently been attacked by hackers. The hackers have been attacking using a Javascript injection (as most 'savvy' internet users are aware, Javascript is a programming language often used for website development).
Most of the affected sites have either since been restored or are currently undergoing maintenance to rectify the problem.

The way the attackers work, is that malicious code is sent to a website, and then the compromised site redirects visitors to another site hosting the malicious software (also known as 'malware'). The malware allows the hackers to access a variety of information stored in personal computers that have not been properly secured or protected. This information includes, but not limited to, passwords and personal information.

IT security consultancy firm Trend Micro reported that over the weekend of 17th & 18th May alone, at least 327,000 websites in Asia were attacked using these Javascipt insertions. These attacks predominately targeted Chinese-language websites and exploited vulnerabilities in some Chinese-language software installed on personal computers such as 'Xunlei Thunder Dap-Player'.

This seems to indicate that the attacks were targeted specifically at sites in China, Taiwan, Singapore and Hong Kong.

According to an interview by 'Today' with Trend Micro's regional managing director, Mr Goh Chee Hoh, "This is a big attack. Trend Micro has observed a spike in the number of attacks recently and we envisage more such large-scale attacks in the near future."

F-Secure has made it clear that the most vulnerable sites are those that are poorly designed. Their investigations showed that most of the compromised sites in China, Taiwan and Hong Kong were commercial sites, such as kitchenware company 'Tafel' and 'Tianjin Lishen Battery'.


The best way for internet users to protect themselves from such attacks, is to ensure that their operating systems, applications and virus and security software is up-to-date, since most of the attacks target old and unpatched vulnerabilities in a person's computer.

As the Minister for Community Development, Youth and Sports, 'Vivian Balakrishnan' so aptly pointed out at last month's launch of the second 'Infocomm Security Masterplan' - "We really need everyone to become mindful of security practices at home, in school or in the office. Only when there is universal awareness and consciousness will we then be able to make it more difficult for cyber-attacks to be launched and propagated."

The $70 million 'Infocomm Security Masterplan 2' aims to engage the public and private sectors, as well as individuals, to combat emerging cyber-threats over the next five years.


1 comment:

Neon Tetra (Paracheirodon innesi) said...

Pretty annoying problem, had met a few sites that forces me to redirect. But another possibility is that the computer in use may house a trojan that prevents you from accessing certain websites by replacing the site url with its bogus url homepage.