Web security firm Websense is reporting that the servers of web advertiser media-servers.net has been compromised and is serving visitors malcode that exploits Microsoft and Adobe vulnerabilities. Thousands of sites have been compromised over several months with the result that visitors get served an auto-loading script, the Websense researchers said.
Patches have been available for the vulnerabilities involved, so, only unpatched machines visiting the site will be compromised.
Websense researchers also said that the malware involved is only detected by two of the 40 anti-virus companies: F-Secure (Suspicious:W32/Malware!Gemini) and Sunbelt (Trojan.Win32.Bredolab.Gen.1 (v)). The detection is based on behavioral analysis by F-Secure’s DeepGuard, and Sunbelt’s VIPRE technology.
Story here.
Tom Kelchner