Alert From the Websense Security Labs
September 2010 by Websense
Websense Security Labs™ ThreatSeeker™ Network has detected that the popular site Songlyrics.com (with approximately 200,00 daily page views and 2,000,000 unique visitors) got compromised by obfuscated malicious code. Websense customers had been protected by the real-time protection in our Advanced Classification Engine – ACE.
Once a user accesses the main page of the song lyrics site, malicious code is injected which leads a user to an exploit site loaded with the Crimepack exploit kit. Only 39.5% of antivirus engines are currently recognizing this exploit. Unfortunately – those computers exposed and infected becomes another zombie-bot in the wild, with hardly anything the user can do to prevent this from occurring.
“We are seeing the bad guys more frequently compromise popular sites in an effort to infect and exploit the most users, as in this most recent case with songlyrics.com, a site that gets millions of unique visitors,” said Carl Leonard, Sr. Manager, Security Research. “It is unfortunate that in this case, Google Instant results are also helping to steer unaware users to this malicious content. Without real-time content analysis, all users are at risk.”