New Mass Injection Attack Distributes ZeuS

By: Lucian Constantin | 15th July 2011
Security researchers from Sophos warn of a widespread web injection attack that has infected a large number of websites with code distributing a variant of the notorious ZeuS trojan.
The injection is very widespread: the malicious code, detected by Sophos as Mal/ObfJS-AB, represents a quarter of all reported threats at the moment.

The attack doesn’t seem to be limited to any particular type of website or web server, suggesting that the compromise vector might be stolen FTP accounts.

Since the purpose of the attack is to distribute a variant of the ZeuS information-stealing trojan, this theory is even more likely.

The injected code redirects visitors to a third-party page which launches PDF and Java exploits. Successful attacks install a ZeuS variant.

Research by: Shanil Prasad