Wednesday, February 15, 2012

Malicious poisoned redirects in Google search results

This morning I did a Google search for "free psd web button". I clicked on the third result which links to http://www.sharkwebstyle.com/2011/07/80-prefect-free-photoshop-web-buttons-psd/.
However, upon clicking on this third result, I was automatically taken to the Russian site http://uaroyalys.ru/industry/index.php, which is clearly not the correct location and is apparently an attempt to redirect me to some sort of malicious site (I don't recommend you try to visit this site). Thankfully, I had ScriptNo for Chrome and NoScript for Firefox, so the site didn't do anything, and thankfully it wasn't able to reach its dirty tentacles into my machine (I hope).

I originally discovered the malicious redirect on a Windows machine, and I immediately assumed that the machine must somehow be infected. I switched over to a Mac machine and discovered the same malady, suggesting that the malicious redirect originates on the server side and not on my side.

What's unclear is if this is the fault of the target (SharkWebstyle perhaps infected with an XSS attack), or poisoned Google search results. What's frustrating is that most unsuspecting users are doing these types of web searches all the time and clicking on tons of links. Most are using Internet Explorer or another browser with scripting (JavaScript) fully enabled. Since most infections are launched via some sort of scripting on web sites, it is recommended to use an add-on (such as ScriptNo for Chrome or NoScript for Firefox) that only allows scripting in your web browser for sites that you explicitly allow. It makes me sick to my stomach to think of a friend or family member getting infected with some type of malware served up by Google's own search results. Be safe, folks!

UPDATE (2/15/12): It appears that this was most likely the result of a compromised instance of WordPress (most likely through a maliciously modified .htaccess file). Older versions of WordPress can be susceptible to attacks. If you self-host your WordPress site, you need to make sure you update to the latest version, change passwords for your web host account, FTP, and MySQL database. Check this link if you think you might be compromised. You can also check your site to see if it is infected with any known malicious code at Sucuri SiteCheck.

UPDATE (3/3/12): I received a note from the site administrators at Sharkwebstyle that said, "We encountered a problem with a vulnerability in timthumb script used in our WordPress theme, and that vulnerability can change the .htaccess file content, so that's why there was a redirection to other website." Here are some technical details about the TimThumb WordPress vulnerability and hack.
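Both updates point at a modified .htaccess as the mechanism: the redirect only fired for visitors arriving from Google search results, which is what a referrer-conditional rewrite rule produces. The following checker is an added example, not code from this post or from SharkWebstyle. It walks a .htaccess file, pairs each RewriteRule with the RewriteCond lines that precede it (as mod_rewrite does), and flags rules that send the visitor to a host other than the site's own while being gated on HTTP_REFERER. The sample .htaccess, the `attacker.example` hostname and the `find_referrer_redirects` function name are constructed for illustration and do not come from the incident.

```python
import re
from urllib.parse import urlsplit

# Constructed sample .htaccess: a normal WordPress block with an injected
# referrer-conditional redirect in front of it. Hostnames are placeholders.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*
RewriteRule ^(.*)$ http://attacker.example/index.php [R=302,L]
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

# Substrings that indicate the condition is keyed on a search-engine referrer.
SEARCH_ENGINE_MARKERS = ("google", "bing", "yahoo", "ask", "aol", "yandex")


def find_referrer_redirects(htaccess_text, site_host):
    """Return findings for RewriteRule lines that redirect to an external host
    and are guarded by at least one RewriteCond on HTTP_REFERER.

    RewriteCond lines accumulate until the next RewriteRule, which is how
    mod_rewrite associates conditions with a rule; the buffer is cleared
    after each rule so later rules are judged on their own conditions.
    """
    findings = []
    pending_conds = []  # (line_no, test_string, cond_pattern)
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending_conds.append((line_no, parts[1], parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            target = parts[2]
            # Only absolute URLs can redirect off-site; "-" and local paths cannot.
            host = urlsplit(target).hostname if "://" in target else None
            ref_conds = [c for c in pending_conds if "HTTP_REFERER" in c[1].upper()]
            engine_gated = any(
                m in c[2].lower() for c in ref_conds for m in SEARCH_ENGINE_MARKERS
            )
            if ref_conds and host and host.lower() != site_host.lower():
                findings.append({
                    "line": line_no,
                    "rule": line,
                    "target_host": host,
                    "referrer_conditions": [c[2] for c in ref_conds],
                    "search_engine_gated": engine_gated,
                })
            pending_conds = []
    return findings


if __name__ == "__main__":
    # Run against the constructed sample as if this were www.example.com's .htaccess.
    for f in find_referrer_redirects(SAMPLE_HTACCESS, "www.example.com"):
        gate = "search-engine referrers" if f["search_engine_gated"] else "some referrers"
        print(f"line {f['line']}: redirect to {f['target_host']} only for {gate}")
        print(f"  conditions: {f['referrer_conditions']}")
        print(f"  rule: {f['rule']}")
```

Because the redirect is conditional on the referrer, loading the page directly in a browser or with a plain fetch shows nothing wrong; that is why the post only saw it when clicking through from Google. Reviewing the rewrite rules themselves, as this checker does, avoids that blind spot, and the same pairing logic can be pointed at other WordPress-writable files (for example a theme's `functions.php` or `wp-config.php` is worth diffing against a clean copy) once the .htaccess is clean.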
