Anti-Virus Firm Spreads Virus

Here’s one for you nuts out there that believe Anti-Virus makers spread viruses to keep themselves in business…

InfoWorld is reporting that Anti-Virus vendor Trend Micro’s web site was hacked and used to infect visitors of the web site with viruses and malware.

The infected Web pages are not obviously malicious, but the attackers have added a small bit of JavaScript code that redirects visitors’ browsers to an invisible attack launched from servers based in China. This same technique was used a year ago, when attackers infected the Web sites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game.

The JavaScript attack code hosted on these infected Web sites takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.

If the code is successful, it then installs a password-stealing program on the victim’s computer that looks for passwords for a number of online games, including the Lord of the Rings Online.

Attacks like these are not uncommon and often take place. The attackers are indiscriminate and attack any web site that is running software that is vulnerable to their exploit code. In this case it looks like the hackers were lucky in that they just happened to also infect Trend Micro’s web site.

This couldn’t be more embarrassing for Trend Micro and it only gives more reputation to the attackers. You can now see the importance of keeping web site and server software up to date and patched with the latest security updates.

[Trend Micro hit by massive Web hack]

[tags]antivirus, antivirus software, anti virus, anti virus software[/tags]