World cup threatens more than just your ears;Legitimate websites "outscore" the adult 99:1

Vuvuzelas and hearing problems are not the only issues that excited football fan can encounter at this year’s Football World Cup in South Africa. One month before the opening match between South Africa and Mexico the bad guys were already busy infecting popular related websites in anticipation of increased traffic. Compared to the same period last year, avast! identified a 200% increase in the number of infected web pages and successfully prevented 200 000 fans from visiting them and getting infected. The attached graph illustrates the dramatic increase in the number of infected websites. So, for the competition’s final stages, make sure you have not only good earplugs, but also good antivirus protection.

Legitimate websites "outscore" the adult 99:1

AVAST Software released a report today proving wrong the general "feeling" that it is the ‘dodgy’ and ‘adult‘ sites that are virus infected. "We are not recommending people to start searching for erotic content, not at all" says CTO Ondrej Vlcek "but the statistics are clear – for every infected adult domain we identify there are 99 others with perfectly legitimate content that are also infected".

In the UK for example, we see every day more infected domains containing the word "London" (such as the blog section of than any other domain containing the word "sex". The latest discovery of an infected site is the Vodafone UK website. This infection in the smart phones section shows how advanced the bad guys are at finding ways to deliver the malware to the internet users.

The infection of Vodafone, which was confirmed as still present on the morning of Monday 28th of June, 2010, is an HTML:Script-inf and it is an evolution of JS:illRedir and JS:ilIiframe exploits. This type of infection is widespread and accounts for 20% of all infected UK pages. The infection takes advantage of a two week old Microsoft Windows vulnerability. As Ondrej Vlcek explains "The problem is particularly bad because the CVE-2010-1885 vulnerability targets the most widely used version of Windows, and at the present time it is still un-patched. This means that even if a user is running a fully updated Windows XP SP3 with all the security patches, the user is still vulnerable."

Leave a Reply