Malware injected into legitimate JavaScript code on legitimate websites

JMH · Feb 13, 2013

As recently mentioned in the Sophos Security Threat Report, 80% of the websites where we detect malicious content are innocent sites that have been hacked.

A trend that we have observed is that hackers will insert their malicious code into legitimate JavaScript (not to be mixed up with Java!) hosted on the website.

The JavaScript is automatically loaded by the HTML webpages and inherits the reputation of the main site and the legitimate JavaScript.

Malware injected into legitimate JavaScript code on legitimate websites | Naked Security

AceInfinity · Feb 14, 2013

Sounds a lot like XSS to me, which is nothing super new, yet I still see the mistake by lots of web admins for not protecting against something so simple.

Search

Search

Malware injected into legitimate JavaScript code on legitimate websites

JMH

Emeritus, Contributor

AceInfinity

Emeritus, Contributor