Our Blog

Web Directories site compromised, leads to Incognito Exploit Kit

Share

Monday, Sep 05, 2011

Websense® ThreatSeeker® Network has detected that the Web Directories site (http://www.web-directories.ws) was compromised on 4th September, 2011. This lead users to the Incognito exploit kit.  

Web Directories is a site designed to help Webmasters and site owners find relevant directories. They intend to offer one of the largest Web directories listing on the Internet. This site has heavy global Alexa traffic, especially from Asia. It is estimated that over 60% of visitors to this site are from India, which has an Alexa traffic ranking of 885.

 The Web Directories homepage:

 

This site had the following malicious codes inserted: 

 

The link hxxp://dire-straits.co.uk/stat.php redirects you to another malicious site hxxp://hertscycle.cu.cc/showthread.php?t=67640185 that contains the exploit codes.

 
From our analysis this code belongs to a notorious exploit kit - Incognito exploit kit. When redirected, a Trojan is silently downloaded to unsuspected clients, and infects them in the process. 

 

 We also detected many other Web sites injected with similar codes:

 

Websense customers are protected from Web-based threats by ACE, our Advanced Classification Engine.

Tags Exploit

About the Author