Hackers Co-Opt Comedy Central and Other Web Sites to Steal User Passwords

The unpermitted and surreptitious use of legitimate Web sites by hackers to steal the passwords and other sensitive information of users visiting those sites is on the rise.

This is illustrated in blazing highlights by the brazen use of the Comedy Central Web site over the weekend, along with several other sites. In each instance, the hackers had managed to install a virus on the Web site. In addition to grabbing sensitive data, the virus was also able to inject other programs onto the visiting user’s computer.

But that’s not where it ends. In a rather brilliant twist, the hackers drove traffic to the infected sites by planting seemingly legitimate ads that actually drove those who clicked the ads to the infected sites - on other sites!

The sites that unknowingly featured the bogus ads included TheRegister.co.uk, and Ilse.nl, a large Internet company in the Netherlands.

How, you may ask, did the hackers manage to plant the malicious advertisements?

Completing their trifecta, the hackers took control of German advertising firm Falk Solutions AG.

Got that? So they 1) took control of the advertising firm, used that advantage to plant nefarious code in the 2) advertisements which featured in places like The Register, so that 3) when users clicked on the ads, they were… [Continued]