Dutch News site spread Malware on 100000 Computers
Dutch popular news site NU.nl appears to be serving Java exploit (drive-by malware) to users of IE. Nu.nl has approximately one hour long served the Javascript code that attempted to provide visitors to the news site with a trojan to infect. The attackers made use of servers in India which an exploit kit was placed.
The Ministry of Security and Justice issue a warning for malware yesterday by Nu.nl estimated to have infected 100,000 computers. Erik Loman, developer at security firm SurfRight, made known on Twitter on the front page of the news javascript code 'g.js' was blocked. The code triggered by Loman a nuclear exploit pack on a web server in India was placed.
The exploit script checked the browser and common plugins like Flash and Adobe Reader security hole. If an exploit was found, the server sent the Sinowal-malware, a trojan of Russian origin, which is continuously updated and attempts to steal bank details.
Officials at Nu.nl said that an account for the content management system Wednesday 'has fallen into the wrong hands. They confirm that the malware has been deleted now, Also new login information was distributed to managers and editors.