How to Fend Off a New Kind of Cyber Attack
Welcome to your worst nightmare online. That business website you so painstakingly created, nurtured and made successful has just been poisoned in a nasty cyber attack. Known as Mass Meshing Injection, this type of attack attempts to overpower security measures aimed at detecting a previous type of cyber attack called Mass SQL Injection. Since the beginning of June, it's affected thousands of business websites worldwide.
"In Mass SQL Injections, scripts or iframes are injected into innocent victim sites that cause the browser to load malicious content from the 'redirectors,' which are domains registered by the attacker," Wayne Huang, chief technology officer at Armorize, wrote last week on the Web security firm's Malware Blog.
"To defeat this," Huang continues, "Mass Injection does the following: Every infected website contains a redirector script in the root directory; in this case it is example.js. This is an obfuscated script that will dynamically generate an iframe to the exploit server. It runs the BlackHole exploit and serves drive-by downloads."
As a result, Huang writes, "Every infected website is injected, in their pages, with a script src tag pointing to another random infected website's example.js."
If all of that sounds like mumbo-jumbo, here's a translation: In a mass-meshing attack, hackers implant scripts in websites that redirect a visitor's computer to Web servers that, in turn, inject them with infected programs. Worse yet, an infected site has the very real potential of being blacklisted by Google and security vendors.
So how do you know if your site has been hacked, and if it has, how do you restore it and your reputation when Google or their antivirus software tells customers your site poses a risk? Regina Smola is founder and CEO of WP Security Lock, a Davis Junction, Ill.,-based firm that provides malware prevention and removal services for small and medium-size business. Smola says the best indication that your website has been hacked is when you are redirected to another site when you open your webpage.
"If you attempt to go directly to your website -- or to get to your site from a search engine link -- and you're referred elsewhere, this is a strong indication that your site may have been infected with malware," says Smola. "If this happens, close the web page immediately and run a full malware scan on your website." Smola recommends using a service like Sucuri Web Integrity Monitoring, which lets you know if malware is found on your website.
Even if you suspect your business website has fallen victim to a Mass SQL or Mass Meshing Injection, the best outcome is derived by immediately contacting everyone on your Web and IT teams, including your Web-hosting provider. Then outline a plan of attack of your own. And since infected websites ultimately infect your local computers, be sure to scan -- and if necessary, repair -- your computers before changing any of your administrative passwords. The reason is if your PC is infected, the bad guys could easily gain access to your new passwords, also.
Has your business' site been attacked by malware? Let us know how you handled it in the comments section.