News broke earlier today that a malicious PHP script found on over 5,000 compromised websites has been fingered as the source of a large-scale spam campaign that has been silently redirecting users to web pages hosting diet and intelligence boosting pills. The purpose of this script is to keep hacked sites under the control of a group of cyber-criminals, and manage dynamic redirections to various spam campaigns. IT security experts commented below.
Sean Newman, Director at Corero Network Security:
“Recent reports of the highly prevalent “Brain Food” botnet highlight just how frighteningly easy it still is for cyber criminals to hack into and take control of legitimate websites. In this case, the botnet is focused on monetising spam campaigns in the form of selling pills, with various claimed benefits. However, when the number of compromised sites runs into the thousands, as in this case, it’s easy to see how these could be harnessed for other nefarious activities, including the launch of DDoS attacks. And, in the same way that very few organisations these days operate without a Spam filter as part of their email service, similar consideration should be given to being protected by the latest generation of always-on real-time, DDoS protection.”
Nadav Avital, Threat Research Manager at Imperva:
“This kind of technique used by hackers to overcome spam filters and prolong their attacks is not new. Also, using base64 encoding to obfuscate the attack is a known method used by hackers which can sometimes work to the defender’s advantage, as we recently demonstrated.
Last year, Imperva uncovered a similar botnet that infected sites with a backdoor script that sent spam emails and redirected victims to fake Viagra pills sites.”