Chinese compromised sites dominate malicious web page threat in May
Anti-virus vendor Sophos has reported that in May 70 per cent of infected web pages were hosted by legitimate sites compromised using Iframe exploits. Over half of all such infected web pages were of Chinese origin. Some 30 per cent were apparently of Chinese authorship. Sophos has told heise that two specific Iframe Trojan droppers: Pardona and Fujack; were the most commonly encountered, neither of which have spread significantly beyond Chinese internet space. A significant proportion of these compromised sites seemed to be dedicated to stealing on-line gaming credentials, rather than banking credentials. However as the Trojans in question are primarily downloaders the exact nature of the payload is changeable. Nevertheless, anti-virus signatures have been available to protect against these Trojans since well before the beginning of May. Consequently the fundamental contributor to infection is once again lax computer management by users.