A newly uncovered malware campaign is reportedly targetting websites of thousands of small and medium-sized businesses since July, a security report reveals.
As part of attacks, users have been hit with drive-by downloads owing to malicious redirections from legal websites, and revolving URLs being deployed as an entry to take advantage of kit landing pages, according to a report from Malwarebytes Labs.
The report added that the campaign ‘cleverly uses the same Flash-based redirection script, which also allows us to tie similar website compromises together’, hinting it as a massive and coordinated one.
Malwarebytes Labs senior security researcher Jerome Segura said: "Security incidents seldom are unrelated.
"But this particular instance is unique in how it cleverly uses the same Flash-based redirection script which also allows us to tie similar website compromises together.
"Thousands of websites have been hacked and are performing malicious redirections, unbeknownst to their owners."
The report noted that all the hacks boasted an identical signature, with the name variable, ‘EITest,’ appearing to be used constantly across all attacked websites.
Further, SMB owners are advised to carry out a complete security audit, including patches for redundant CMS, Flash and other plug-ins.
Segura added: "The website injections can be be easily spotted at the bottom of the html source code. If you are a website owner and you have discovered this script, please ensure to look for other signs of infections on your server.
"The code in itself represents the symptoms, but the real culprit often is a backdoor (malicious shell or other php code) that allows the bad guys access and the ability to refresh the malicious URLs.
"A full audit of your site, including patches for outdated CMS software and plugins is a must."
