Adobe Redirects Surfers To Malware Installing Malicious Sites
The company was informed of the problem on Friday, but six days later, it still hasn’t been fixed.
The infection, which resides at www.seriousmagic.com/help/tuts/tutorials.cfm?p=1, instructs users' browsers to silently install a malicious file from a series of domains known to host attack sites. Adobe announced its acquisition of Serious Magic two years ago, and whois records indicate the company is the owner of the seriousmagic.com domain:
seriousmagic.com
66.240.157.68
Adobe Systems Incorporated
345 Park Avenue
San Jose, CA 95110
US
Admin, DNS dns-admin@adobe.com
345 Park Avenue
San Jose, CA 95110
US
+1.4085366000
ADOBE-DNS.ADOBE.COM
ADOBE-DNS-3.ADOBE.COM
ADOBE-DNS-2.ADOBE.COM
Adobe was notified of the infected page on Friday. Currently, the link is still trying to redirect users to a series of malicious sites, including abc.verynx.cn/w.js and 1.verynx.cn/w.js. While those links no longer appeared to be active, two other sites used in the attack, jjmaobuduo.3322.org/csrss/w.js and www2.s800qn.cn/csrss/new.htm, were still active. Do NOT visit those links as they might infect your computer.
The sites are associated with malware that spreads by infecting legitimate sites using SQL injections. Such attacks take advantage of web developers who write SQL database applications that accept user-supplied data without inspecting it for malicious characters. They work across a broad array of web applications.
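The coding flaw described above, shown beside its fix, as an added example that is not code from the affected site or from the original article. The table, its rows, the function names and the sample input are constructed for illustration; only the parameter name p is taken from the URL quoted earlier.

```python
import sqlite3


def make_db():
    """Build an in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tutorials (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO tutorials VALUES (?, ?, ?)",
        [(1, "Getting started", 1), (2, "Lighting basics", 1), (3, "Unreleased draft", 0)],
    )
    return db


def lookup_vulnerable(db, p):
    """Flawed pattern: the raw request parameter becomes part of the SQL text."""
    sql = "SELECT title FROM tutorials WHERE published = 1 AND id = " + p + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, p):
    """Check the input's type first, then bind it so it is only ever treated as data."""
    if not (p.isascii() and p.isdigit() and len(p) <= 9):
        raise ValueError("p must be a non-negative integer")
    sql = "SELECT title FROM tutorials WHERE published = 1 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(p),))]


if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed sample input, not taken from the article
    # Concatenation lets the input rewrite the WHERE clause, so the
    # unpublished row is returned along with everything else.
    print("vulnerable:", lookup_vulnerable(db, crafted))
    try:
        lookup_hardened(db, crafted)
    except ValueError as exc:
        print("hardened: rejected,", exc)
    print("hardened:", lookup_hardened(db, "1"))
```

Validation and binding are both applied: the type check rejects malformed requests early, while the bound parameter keeps the query structure fixed even if a check is later loosened.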
With Fortune 1000 companies such as Adobe punting malicious links, it’s no wonder security experts estimate that more than half of the websites hosting malware were legitimate destinations that had been hacked. Sensitive government websites on both sides of the Atlantic have also been commandeered over the past year.
Sophos has been trying to contact Adobe since Friday to advise them of the problem, and as yet has had no response.