Take care if you visit the main page of AOL UK today – a story about Kate Middleton being pregnant (or rather a doll of a pregnant Duchess of Cambridge) has a nasty sting in its tail.
The story, featured prominently on AOL’s main webpage, points to a different website – MyDaily.co.uk – another part of the AOL media empire.
The MyDaily website uses a legitimate piece of JavaScript code to “carousel” different adverts on the website. However, hackers have managed to breach security on the site and insert their own line of code.
The code the cybercriminals have injected onto the webpage attempts to run malicious code from a third-party site.
Sophos products block the offending webpage as Mal/Iframe-Y.
Malicious hackers love to exploit high-traffic websites. Think about it: rather than luring you to visit a site created by a hacker (in order to infect your computer), they can compromise an existing popular website and simply wait for traffic to come their way.
Always run up-to-date anti-virus software on your computer, and ensure that every webpage your computer visits is being scanned for malicious code.
Also, if you run a website – make sure that something like this doesn’t happen to you. For more information on securing your website, download our technical paper “Securing Websites” published by SophosLabs. In addition to advice on common attack techniques including SQL injection, the paper also discusses establishing a secure foundation for your site and how to deal with external service providers.