Regular domains beat smut sites at hosting malware
New research pours scorn on the comforting but erroneous belief that Windows surfers who avoid smut and wares on the web are likely to avoid exposure to malware.
A study by free anti-virus firm Avast found 99 infected legitimate domains for every infected adult web site. In the UK, Avast found that more infected domains contained the word "London" (such as the blog section of http://kensington-london-hotels.co.uk) than the word "sex". Among the domains labelled as infected by Avast was the smart phones section of the Vodafone UK website. The mobile phone operator's site contained a malicious JavaScript redirect script that attempted to take advantage of an unpatched Windows Help and Support Centre flaw (CVE-2010-1885) to infect the machines of visiting surfers.
HTML files from sub-domain blackberry.vodafone.co.uk still contain malicious code at the time of writing but point to a site containing the attack payload site that has been pulled offline.
"Users browsing Vodafone domain should be safe - until new hack/updated hack will be performed," Avast researcher Miloslav Korenko told The Reg. "This may happen in the same way as the first hack.
"Of course, the Blackberry section of Vodafone.co.uk website needs to be cleaned as well - to prevent future attack similar to this one."
read the whole thing here