Web Directories site leads to exploit kit and malware

Web Directories, a site designed to help webmasters and site owners find relevant directories, has been compromised and found redirecting its visitors to sites running the Incognito exploit kit, warn Websense researchers.

Very popular in Asia and especially in India, the site experiences heavy traffic daily, and is therefore an ideal gateway page for malware attacks.

The hackers inserted an iFrame into the source code of the site’s main page. It redirects anyone who lands on the page to a second page that does the same, which in turn sends the visitor to a final page hosting the exploit kit.

The researchers define the Incognito exploit kit as a Malware as a Service app that is located in the cloud and provides services for underground communities. Two versions of the kit can currently be found in the wild – indeed, the researchers have spotted a number of other pages redirecting to those hosting one of them.

“Version 2.0 started to be advertised at the beginning of February 2011,” they explained. “Rental for this pack was/is $200 per week or 15% from traffic routed to this exploit kit. Though scripts stay the same most of the time and the set of exploits is relatively small (Java and Adobe are still the most-used ones), the owners of this exploit kit apply new multi-layered obfuscation techniques on a regular basis.”

In this particular case, Web Directories’ visitors who were affected by the exploit would find a Trojan surreptitiously downloaded and run on their machines. So, if you visited the site on September 4 or earlier, an antivirus scan of your machine might be in order.

In the meantime, the site has been cleaned of the malicious code.



