More than half a million web pages have been compromised with malware as part of a new attack, Trend Micro warns.

Badly configured PHP bulletin board applications are being used to plant malicious JavaScript on web forums. The JavaScript is used to push variants of the Zlob Trojan that come disguised as a video codec installer.

The Trojans change DNS and browser settings on infected PCs leaving them open to further attack. Many of the compromised forums were already used to spamvertise knock-down drugs and smut sites. In the UK most of the infected websites belong to small- to medium-size firms whose weak security controls have left the door open to hackers.

The malware is served up from systems based in the US and Russia. Trend reckons the latest attack bears the same hallmarks as previous attacks by a Russian and Ukrainian gang punting the Zlob Trojan. Trend has more on the attack in a blog posting here.

Cybercrooks are increasingly looking toward planting malicious script onto regular sites rather than attempts to trick users into visiting obviously dodgy sites touting warez and porn. Fake media codecs are becoming a favourite vector for spreading spyware and Trojans.

Last week McAfee warned that hundreds of thousands of samples of new Trojan that poses as a media file had flooded onto P2P networks. The booby-trapped files in that case and the Zlob-infected media codecs in the latest case both turn infected machines into zombie clients under the control of hackers.

In both cases the scale of the attack rather than the technology in play, which has been around for months, is what's noteworthy. ®

More comments…

Related stories

Web browsers face crisis of security confidence (23 June 2008)
Browser makers throw up drive-by download barriers (9 June 2008)
Mass SQL injection hits English language websites (21 May 2008)
USAF Colonel goes on the offensive with botnet destroyer plan (12 May 2008)
I Was A Teenage Bot Master (8 May 2008)
Cybercrims dump swag on open botnet server (6 May 2008)
Storm worm botnet turns into April shower (1 May 2008)
Whitehats tackle The Great Botnet Dilemma (29 April 2008)
Kraken stripped of World's Largest Botnet crown (maybe) (9 April 2008)
Mass compromise powers massive drive-by download attack (13 March 2008)
Unpatched RealPlayer bug paves way for drive-by downloads (12 March 2008)
Web browsers on the front line of exploitation (15 February 2008)
MayDay! MayDay! Ruskies reinvent cyber crime (13 February 2008)
Malware authors target Mac emerging markets (25 January 2008)
Drive-by download menace spreading fast (23 January 2008)
Guessing at compromised host numbers (25 September 2007)