Recent Attacks on Legitimate Websites Redirect to Malicious Code

Recently we’ve been scratching our heads around the office after seeing a pop-up on a few legitimate websites we frequent to do business. The pop-up window says:

Warning!

On your computer detected the malicious code. Should immediately make sure that your system is safe! Killing Hazard (R) for Microsoft Windows XP immediately started to work.

Afterwards it directs you to a page that looks like it’s scanning a Windows XP computer for infections, and when you confirm, it reportedly tries to download an EXE file.

This was especially confusing because we primarily use Mac OS X. In addition, we’ve seen the error on Firefox, Chrome, and Safari. After doing some research, some of the things I’ve discovered are:

  • This window can appear on ALL browsers (Safari, Firefox, Internet Explorer, and Chrome)
  • This window can appear on ALL operating systems (people have seen it on Windows XP, Vista, Windows 7, Mac OS X Leopard, Mac OS X Snow Leopard, and even various Linux distros)
  • This window is, in almost all cases, happening because of something malicious on the site you are visiting, not something wrong with your computer.

If you see this window, do not be alarmed and, most importantly, do not download and run the EXE file. It has also been reported that it will direct different browsers to different landing pages, some of which ask you to install Adobe Flash updates. Do not install these either.

Mac and Linux users should not be alarmed as an EXE cannot infect their computers.

Regardless, please remember it’s also safe to have a program like Malwarebytes available in the event you do get some sort of infection. If you use Firefox or Google Chrome, it is also good to be running the AdBlock extension to decrease the risk of infection while browsing the internet.

Update: It appears there’s even more to this malware than meets the eye. In addition to the information above, this malware may have changed the settings of your router to redirect you randomly to more malware sites. To check, log into your router and look for your DNS IPs under your router settings. If they’re set to specific IP addresses, change them to automatic OR set them to 8.8.8.8 and 8.8.4.4, which are Google’s free public DNS servers. For more information on your router settings and DNS server, be sure to check your router manufacturer’s website.
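A client-side companion to the router check in the update above, added here as an example and not part of the original post: it parses resolv.conf-style text (for example /etc/resolv.conf on Linux) and labels each DNS server the machine was given. The function names, the `review` label, the list of local ranges and the sample addresses are assumptions for illustration; `review` only means the address should be compared by hand with what the router or ISP is supposed to hand out.

```python
import ipaddress

# The two Google Public DNS addresses named in the post.
GOOGLE_DNS = {ipaddress.ip_address(a) for a in ("8.8.8.8", "8.8.4.4")}
# Ranges a home router normally hands out (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(resolv_text):
    """Return the addresses on 'nameserver' lines of resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments (# or ;), search/options lines, blanks
        try:
            # Drop an IPv6 zone suffix such as %en0 before parsing.
            servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
        except ValueError:
            continue  # malformed entry, not an IP address
    return servers

def classify(ip):
    """Label one resolver address: google-public-dns, local, or review."""
    if ip in GOOGLE_DNS:
        return "google-public-dns"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "review"  # compare by hand with the router/ISP settings

def audit(resolv_text):
    return [(str(ip), classify(ip)) for ip in parse_nameservers(resolv_text)]

# Constructed sample; 203.0.113.53 is a documentation-range address.
SAMPLE = """# constructed example
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    try:
        with open("/etc/resolv.conf") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample
    for ip, verdict in audit(text):
        print(f"{ip:<40} {verdict}")
```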
