Thousands hit in broad Web hack

Hackers have launched a massive Web hacking campaign, putting malicious links on as many as 10,000 servers, security vendor Kaspersky Lab warned Friday.

"We’re estimating that in the last two days alone, between 2,000 and 10,000 servers, mainly Western European and American ones, have been hacked," Kaspersky wrote on its Web site Friday, "It’s not yet clear who’s doing this."

The attackers are most likely using compromised accounts on the Web sites or launching what's known as a SQL injection attack, where hackers trick the Web site's software into inadvertently running malicious commands.

The criminals add a line of JavaScript code onto the hacked sites that redirects victims to one of six servers. These sites, in turn, redirect the visitor to a server in China. That server can launch a variety of attacks, targeting known flaws in Firefox, Internet Explorer, Adobe's Flash Player and ActiveX, Kaspersky said.

If the victim's computer hasn't been patched, the attack code could install a variety of spyware and Trojan horse software, including one program designed to steal World of Warcraft passwords.

These Web attacks have become fairly common this past year, according to Roger Thompson, chief research officer with AVG Technologies. "These guys are pretty busy," he said via instant message. "We see them a lot."

Judging from their techniques and from his previous research, Thompson believes the attackers are college students based in China and that they may be the same group that notoriously hacked the Web sites of the Miami Dolphins and Dolphin Stadium ahead of the 2007 Super Bowl football championship.

Earlier this year, a similar attack compromised more than 1.5 million Web pages, Kaspersky said. "Things are still developing, and the similar nature of the malicious programs used in both attacks lead us to think that this new wave of attacks is potentially pretty serious."

The IDG News Service is a Network World affiliate.