Song lyrics can be so compromising!
Be careful out there. Just as Qualys releases its latest report discussing the changing face of today’s threats (and I’ll be discussing that with Wolfgang Kandek in the next post), Websense discovers a perfect example: bad guys are compromising good sites. The Websense Security Labs ThreatSeeker Network has found that Songlyrics.com (which gets about approximately 200,000 daily page views) got compromised with obfuscated malicious code.
Once a user accesses the main page of the song lyrics site, malicious code is injected which leads the user to an exploit site loaded with the Crimepack exploit kit. Only 39.5% of antivirus engines currently recognise this exploit. Any computer exposed and infected just becomes another zombie-bot in the wild; and there’s hardly anything the user can do to prevent this from occurring.
We are seeing the bad guys more frequently compromise popular sites in an effort to infect and exploit the most users, as in this most recent case with songlyrics.com, a site that gets millions of unique visitors. It is unfortunate that in this case, Google Instant results are also helping to steer unaware users to this malicious content. Without real-time content analysis, all users are at risk.
Carl Leonard, Senior Manager, Websense Security Labs