Wal-Mart's admins have come in to work to find .swf Flash files on their website being used to help serve malware. The famously upstanding Sam Walton would not be amused.
According to researchers, Wal-Mart’s website has fallen to an SQL injection attack that exploits a vulnerability in versions of the browser Flash player plug-in, possibly including the latest update of April 18.104.22.168. Unatched visitors could find themselves redirected to a maze of cross-referenced criminal domains and hit with a variety of malware as a result.
“Besides Wal-Mart succumbing to the attacks, the really interesting aspect of this particular wave is the sheer number of malware domains involved,” said Mary Landesman of Scansafe, which first noticed Wal-Mart’s problem pages.
“In previous attacks, the malicious src reference pointed to an exploit page on a malware domain which in turn foisted password stealing malware from that same domain. In this round of attacks, the malicious src reference points to a malware domain that in turn points to a different malware domain,” she said.
Some confusion reigns as to which vulnerability is being exploited in the new website hack. It might be related to a flaw reported last week by Symantec as being a problem, said later by Adobe to have been patched in the latest Flash plug-in version.
Want isn’t in doubt is that Adobe’s Flash is offering a way into some websites for attackers. A known cross-site scripting attack is another possible culprit.
Compromised websites have become a successful channel for distributing malware because users don’t expect to be hit when visiting legitimate websites. The applications exploited vary from attack to attack.