PC Infections Often Spread to Web Sites

Most people are familiar with the notion that a computer virus can be passed from PC to PC, but many folks would probably be surprised to learn that a sick PC can often pass its infection on to Web sites, too.

Some of the most pervasive malicious software circulating today (e.g., Virut) includes spreading capabilities that hark back to the file-infecting methods of the earliest viruses, which spread by making copies of themselves, or by inserting their code into other files on the host system.

Malware often modifies existing files on the victim’s PC to maximize the chances that infected files will be shared with and downloaded onto new host systems. One of the most effective ways of doing that is for malware to inject copies of itself into all of the HTML files found on a victim’s computer.

The end result could be this: If the victim is also responsible for maintaining a Web site, there is a good chance that any HTML files subsequently uploaded from the victim’s PC to his or her Web site will also harbor copies of the malware. In most cases, the malware is little more than a script that silently redirects the visitor’s browser to a malicious Web site, which in turn tries to install rogue software by attempting to exploit a kitchen sink full of known security flaws. Nevertheless, this approach can turn a single PC infection into a much larger problem.

Recently, attackers have been hacking into massive numbers of Web sites in a bid to stitch their exploit code into them. While some have been quick to blame those mass compromises on lazy system administrators who fail to keep their sites updated with the latest security patches, the folks over at StopBadware.org say they are seeing an uptick in reports of Web site break-ins that originated with a PC infection.

StopBadware says this particular malware spreading technique involves the automated theft and use of compromised FTP credentials from infected systems (I wrote about this activity in a recent post, The Scrap Value of a Hacked PC). From their advisory:

Specifically, the local malware seeks out saved usernames and passwords in popular FTP clients like CuteFTP and Filezilla and then uses the stolen information to upload modified code to the web server. This leads to a frustrating cycle for the unsuspecting website owner, who discovers bad code on his/her site, fixes the problem, and then finds the site infected again a day or two later.

StopBadware suggests that one easy way to prevent this from happening is to refrain from storing passwords in FTP client software. But this is also a reminder that if you find yourself in the unfortunate position of having to clean up a computer from a virus infection, it’s always a good idea to scan any HTML code and scripts for sites you maintain to make sure you’re not passing along the disease to the rest of the Internet.

http://voices.washingtonpost.com/securityfix/2009/07/pc_infections_often_spread_to.html#comments
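
The clean-up check suggested above, as an added example that is not part of the original article or post: a Python scan of a local copy of a site for markup that an injected redirect script or frame would add. The allowlist, the three heuristics and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts you deliberately load scripts or frames from; anything else is reported.
ALLOWED_HOSTS = {"www.example.org"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class InjectionFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.html_closed = [], False  # findings: (line, reason)

    def handle_endtag(self, tag):
        self.html_closed = self.html_closed or tag == "html"

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if self.html_closed:  # markup appended after the document was closed
            self.findings.append((line, f"<{tag}> after </html>"))
        host = urlparse(a.get("src", "")).netloc.lower()
        if host and host not in ALLOWED_HOSTS:
            self.findings.append((line, f"<{tag}> loads from unlisted host {host}"))
        if tag == "iframe" and (a.get("width") in TINY or a.get("height") in TINY
                                or HIDDEN_STYLE.search(a.get("style", ""))):
            self.findings.append((line, "hidden or zero-size iframe"))

def scan_html(text):
    finder = InjectionFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root):
    # Scan every .htm/.html file under root; keep only the files with findings.
    report = {str(p): scan_html(p.read_text(errors="replace")) for p in Path(root).rglob("*.htm*")}
    return {path: found for path, found in report.items() if found}

# Constructed sample: a clean page with a tiny frame appended after </html>.
SAMPLE = ('<html><body>\n<script src="https://www.example.org/site.js"></script>\n'
          '<p>Welcome</p>\n</body></html>\n'
          '<iframe src="http://unlisted.example.net/x" width="1" height="1"></iframe>\n')
if __name__ == "__main__":
    print(*scan_html(SAMPLE), sep="\n")
```

Run `scan_tree` on the local folder before uploading and on a fresh download of the live site, so that a file altered on either side shows up.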

Hi FreewheelinFrank

A very interesting read; I for one did not once give a second thought to the fact that my PC could infect the web.
Mind, at the moment the comp is clean, touch wood (now touching my head) :wink:

pete