IT security and control firm Sophos is warning computer users to
be vigilant following its discovery that legitimate webpages on the
website of Adobe Systems were hosting malicious code that can
infect visiting computers.
Sophos identified the threat, known as Mal/Badsrc-C,
on the Fortune 1000 company's 'Vlog It support center section' - an
area providing tips for video bloggers - on Friday 3 October.
Despite repeated attempts by Sophos to contact Adobe about the
problem, the malicious code was still present until last night.
Sophos intercepting the infection on the Adobe
website.
Mal/Badsrc-C is a dangerous piece of malware that spreads by
infecting the PCs of unsuspecting users with SQL injection attacks
which download more malicious scripts from the net, and ultimately
infect victims with spyware.
"Incidents like this show once again that even established and
respected companies like Adobe are not immune from the growing tide
of web-based malware attacks. These infections are insidious,
meaning the most well-intentioned internet users can be hit without
knowing it," said Graham Cluley, senior technology consultant at
Sophos. "Organisations need to wake up and ensure that their
websites are properly coded and that security is in place to stop
these kind of attacks. With over 90 percent of web infections now
found on legitimate sites, firms need to take control to avoid
putting potential customers at risk."
Sophos recommends that all businesses ensure their websites are
fully defending against attacks, including
spam, phishing and malware, and that all vulnerabilities are
patched.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.