Troj/IFrame-DY: Old websites don't die they just get infected

Filed Under: SophosLabs

Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY.

It turns out that the Police Authority has a new site and the infected site is an old one that just leads the user to the new site:

Unfortunately, the old site also contains a malicious script, appended after the closing </HTML> tag.

There are several ways of migrating users to a new website:

  • Deleting the old and let a search engine take the strain
  • Doing Server side redirects
  • Asking the ISP to point the old website to the new sites IP address.
  • and relying on client side redirects.

There are benefits and costs for all the above methods, however, from a security point of view having an old abandoned (not updated and secured) website is the worst.

You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s