BlackHole Exploit Kit Delivered as Google Analytics

securitymalware

Websense Security Company has reported a new attack that aims to spread malicious software. According to blog post screenshot attackers used Google Analytics system to prevent webmasters from detecting the malicious code.

Google Analytics is widely used by website owners to track number of visitor’s and their details, but the case described by websense is very obvious as analytics code used to be at the bottom of the page while the injected code is at the top.

(1) Screenshot of the malicous domain source code (click to enlarge)

(2) Screenshot of the obfuscated code (click to enlarge)

Analyzing the obfuscated java script showed that the malware is a set of Black Hole exploit, very popular and modern virus, firstly appeared back in 2010 September and it conduct drive by download attack. Cyber criminals find this malware very effective as it supports some complex tasks.

It can verify victim’s operating system or browser version and location to act according to criminal instructions. The best protection against this malware is by keeping your system/application up to date and having the latest antivirus signatures.

Source: http://community.websense.com/blogs/securitylabs/archive/2012/02/07/injection-code-masquerade-as-google-analytics.aspx

Share