IT security and control firm Sophos is warning computer users to
be vigilant following its discovery that legitimate webpages on the
website of Adobe Systems were hosting malicious code that can
infect visiting computers.
Sophos identified the threat, known as Mal/Badsrc-C,
on the Fortune 1000 company's 'Vlog It support center section' - an
area providing tips for video bloggers - on Friday 3 October.
Despite repeated attempts by Sophos to contact Adobe about the
problem, the malicious code was still present until last night.
[Image: Sophos intercepting the infection on the Adobe website.]
Mal/Badsrc-C is a dangerous piece of malware that spreads by
infecting the PCs of unsuspecting users with SQL injection attacks
which download more malicious scripts from the net, and ultimately
infect victims with spyware.
"Incidents like this show once again that even established and
respected companies like Adobe are not immune from the growing tide
of web-based malware attacks. These infections are insidious,
meaning the most well-intentioned internet users can be hit without
knowing it," said Graham Cluley, senior technology consultant at
Sophos. "Organisations need to wake up and ensure that their
websites are properly coded and that security is in place to stop
these kinds of attacks. With over 90 percent of web infections now
found on legitimate sites, firms need to take control to avoid
putting potential customers at risk."
Sophos recommends that all businesses ensure their websites are
fully defended against attacks, including
spam, phishing and malware, and that all vulnerabilities are
patched.