At the end of last week SophosLabs discovered that Adobe’s website was linking to a site infected with Mal/Badsrc-C. Digging deeper, they discovered that the infected site was actually now part of the Adobe empire following an acquisition in October 2006. Some of the infected webpages have subsequently been rebranded but the underlying databases serving the site are still riddled with infections.
Mal/BadSrc-C is a dangerous piece of malware that spreads by infecting the PCs of unsuspecting users with SQL injection attacks which download more malicious scripts from the net, and ultimately infect victims with spyware. Ã‚Â
Graham Cluley, senior technology consultant at Sophos commented:
Incidents like this show once again that even established and respected companies like Adobe are not immune from the growing tide of web-based malware attacks. Ã‚Â These infections are insidious, meaning the most well-intentioned internet users can be hit without knowing it. Organisations need to wake up and ensure that their websites are properly coded and that security is in place to stop these kind of attacks. Ã‚Â With over 90 percent of web infections now found on legitimate sites, firms need to take control to avoid putting potential customers at risk.