Hosting sites harbour harmful hacker code

26 Jul 2005

Hackers are turning to free web hosting services as a means of storing and spreading malicious code, according to new findings issued by Websense Security Labs.

Since the start of the year, the security software provider has discovered more than 2,500 such sites that distribute mobile malicious code and spyware tools such as keyloggers, which can be used to reveal a user’s personal passwords to an unauthorised third party.

More than 500 of these sites were created in the first two weeks of July alone – more than occurred in May and June combined, Websense said. These sites were used to spread keyloggers, Trojan horse downloaders, Trojan horse droppers and other harmful spyware and malware, the company added.

This development follows reports earlier this year that free blogging accounts were also being exploited to host malcode. Websense claimed the trend is now expanding to include any form of free web hosting site. It said that recently uncovered sites include those available for popular uses such as hosting online journals, photo albums, greeting cards, music, sports fan pages and online scrapbooks.

Some of the sites may be created with automated shared hacking software and free online tools, while others are built to appear more legitimate. In one instance revealed by Websense, users were met with a greeting-card style message that played music while spyware was being downloaded to the user’s computer in the background without their knowledge.

Websense said the fraudulent, free personal websites last between two and four days, which makes them difficult to trace. Most of the new sites the ocmpany discovered have been hosted in Brazil or the UK and contain text written in Portuguese and English.

Geoff Haggart, Europe vice-president for Websense, said hackers were creating the pages and using social engineering techniques to persuade people to visit their sites and inadvertently install the code. He warned the downside of providing free web space was that most hosting sites do not put in place security features that would prevent them from being used to store and distribute malignant code.

Toproduce its reports, Websense scans more than 60 million websites each day for malicious code. The company also maintains a honeynet of unprotected computers to discover various types of malicious software code and other threats.

By Gordon Smith