There’s a kick in the noots for the folks over at Trend Micro. Apparently their site (or parts thereof), on IIS, was compromised by nefarious types as part of a larger effort to capture passwords.
From InfoWorld (via Yahoo):
A Trend Micro spokesman confirmed that the company’s site had been hacked Thursday, saying that the attack took place earlier in the week. “A portion of our site — some pages were attacked,” said Mike Sweeny, a Trend Micro spokesman. “We took the pages down overnight Tuesday night — and took corrective action.”
On Thursday security vendor McAfee reported that more than 20,000 Web pages have been affected by the attack. The pages are infected with malicious code that tries to install password-stealing software on the PCs of people who visit the sites.
Researchers are still not sure how the attackers are managing to hack these Web pages, but the pages all seem to use Microsoft’s Active Server Page (ASP) technology, which is used by many Web development programs to create dynamic HTML pages. A software bug in any of those programs is all the attackers need to install their malicious code.
The attack in question apparently originated in China as part of a massive automated campaign that has taken out roughly 20,000 pages so far.
[UPDATE]: Billy Hoffman was good enough to post a copy of the Javascript that is making the rounds as a part of this massive web hack.
[tags]Trend Micro, Massive Web Hack, Password Theft[/tags]