Beladen: 40,000 Website Attackers
(Page 1 of 4 )
In June 2009, Websense, an Internet security firm, identified a mass infection of up to 40,000 websites by a new attacker nicknamed “Beladen.” Beladen, which translates as “loaded” in German, is so named because the security exploit works by directing visitors to various websites to a website named Beladen. That website then takes advantage of security holes in various applications to “load up” unsuspecting computers with all kinds of bad software.
One of the remarkable aspects of the Beladen attack is that no one can figure out how the host websites became infected. The idea is that if you visit any of these 40,000 websites, you will find a piece of hidden code somewhere on the page. This hidden code is "obfuscated," meaning that it appears to be gibberish to humans, but works as a functioning program for computers.
A major cause of concern is that there is no real connection between the 40,000 websites. Although there are theories as to how the Beladen attackers gained access to the websites, there are no concrete facts.
This string of redirects is a "security" measure designed into the attacking software. Numerous checks are performed at each point to make sure that a real attack is being carried out, and Internet security firms are not trying to gain information on the attack.
Once at Beladen, the website will attempt to take advantage of various security loopholes in Internet Explorer, Firefox, and other Internet applications, such as Quicktime. If your computer is susceptible to any of these loopholes (around 20-30), the website gains access to your computer and installs malicious software such as viruses, spyware, and Trojans. The result is that your computer is thoroughly infected by an unpredictable host of programs that may prevent you from using it at all.
More Web Hosting Security Articles
More By Joe Eitel