New malware attack detected by Sophos

A new web-based malware attack comprising almost half of detected infections this week has been detected by IT security and control firm Sophos.

Identified as JSRedir-R, the threat has been found targeting high traffic legitimate websites, surreptitiously loading malicious content from third-party sites. It has been detected by Sophos six times more often than Mal/Iframe-F, which has been the most widespread web-based threat for over a year.

"No one should be in any doubt that the web is still the main vector of attack for cybercriminals, and this new threat suggests this situation isn't going to change anytime soon," said Graham Cluley, senior technology consultant, Sophos.

The malware, said Sophos, can be used to steal sensitive information, commit identity theft or meddle with search engine results.

"The problem is that too many computer users still think there's no danger in surfing the web, but with legitimate sites often falling victim to these attacks, it's time to wake up. Hackers won't stop targeting the web as it's proving a successful way for them to spread their infections. To combat this, it's essential to scan every website for malicious code before visiting it," Cluley added.

As a protective measure against this attack, Sophos advises users to update their anti-malware solutions to make sure it is offering protection.