WaterHole Attacks – Compromised Websites

Instances of large-scale compromises of both private industry and public institutions in 2013 prompted a flurry of activity among security researchers to identify emerging and established threats. Commonly identified as Advance Persistent Threats (APTs), this phenomenon is expected to continue well into the foreseeable future. Fundamental to the spread of these threats is one of their foremost methods of propagation – a water hole attack.

Anatomy of a Modern Compromised Website

In the security community, little attention is paid to compromised websites that don’t serve up malware. The malicious URL lists maintained by the anti-virus companies, by Google, and by nearly every other source of malicious URLs rely on anti-virus to trigger on exploits and malware to determine if a site is malicious. In a few select cases, behavioral analysis may be used to determine if a visit to a website will lead to an infected computer. But sites that are taken over by hackers are frequently used for other purposes besides directly serving up viruses or redirecting to sites that do.

 

Japanese Hosting Site Compromised

zveloLABS™ is today warning users to be wary of sites hosted on g0oo.info, a Japanese hosting site.  At this time, all blogs and other web sites hosted by g0oo.info are compromised and currently being used to boost the Google PageRank of various sites including Japanese pornography sites in a technique sometimes called “PageRank Bombing” and also referred to as “BlackHat SEO.”