Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
In a blog posting last week, security vendor Websense claimed that it had detected a "large mass injection attack" in the mould of Beladen and Gumblar.
“We’d been monitoring Nine Ball ‘sleeping’ for couple of weeks before it woke up," said Websense threat manager, Carl Leonard. "In its dream state it benignly redirected users to a search engine, almost as a decoy; but a couple of days ago the alarm clock went off and now it sends the user on a series of redirects to malicious sites.
"The attacker records the visitor's IP address, so, once the damage has been done, the user can be recognised. If they visit one of the 40,000 infected sites again, they’re benignly redirected to a search engine once more.”
However, writing on the ScanSafe blog in response, senior security researcher Mary Landesman said the attack was almost "non-existent". She argued that ScanSafe's data indicated the total number of requests to sites involved in the attacks is 333, while the number of compromised sites is just 62.
ScanSafe also looked at the popularity of the compromised sites and found them to have very low ratings according to web information company Alexa.
"Our view is also shaped by the fact that we see well over a thousand unique web attacks every month – some that are big like Gumblar and some that are very small like 'nine-ball'," she wrote.
"From our unique perspective, 333 requests involving 62 compromised websits is certainly not something we would brand a 'massive injection'."
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.