A widespread attack on Web servers and sites continued Friday, but the Russian hacker site that was delivering malicious code to client machines has been shut down, removing -- at least temporarily -- the danger to users of Internet Explorer.
The site was still up early Friday morning but was inaccessible later in the day. Multiple security firms confirmed that it was down, and TechWeb was also unable to reach it.
The attack, considered to be among the most sophisticated to date, first compromises Microsoft IIS servers, then appends malicious JavaScript code to each page served by the infected site. End users who simply view an infected page are invisibly redirected to the Russian hacker site, which then loads one of several backdoor components and a key logger onto the PC.
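A defender-side check for the server behaviour described above, added here as an example and not taken from the article or from any vendor: it compares what a server actually returns against the known-good file and flags script content appended to the response. The function names and the sample pages are constructed for illustration.

```python
import re

# Matches a whole <script> element; used only on the part of a response
# that should not exist (content after the document has closed).
SCRIPT_RE = re.compile(rb"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
HTML_END_RE = re.compile(rb"</html\s*>", re.I)

def appended_tail(source: bytes, served: bytes) -> bytes:
    """Bytes the server added after the known-good file content, else b''."""
    src = source.rstrip()
    return served[len(src):].strip() if served.startswith(src) else b""

def trailing_after_html(served: bytes) -> bytes:
    """Anything that follows the last closing </html> tag."""
    ends = list(HTML_END_RE.finditer(served))
    return served[ends[-1].end():].strip() if ends else b""

def audit_page(source: bytes, served: bytes) -> list:
    """Return a list of finding names; empty means nothing was flagged."""
    findings = []
    if appended_tail(source, served):
        findings.append("response-longer-than-source")
    if SCRIPT_RE.search(trailing_after_html(served)):
        findings.append("script-after-html-close")
    return findings

# Constructed sample data: a static page as stored on disk, and two responses.
SOURCE = b"<html><body><h1>Welcome</h1></body></html>\n"
SERVED_CLEAN = SOURCE
SERVED_APPENDED = SOURCE + b"<script>/* constructed placeholder */</script>"

if __name__ == "__main__":
    for name, body in (("clean", SERVED_CLEAN), ("appended", SERVED_APPENDED)):
        print(name, audit_page(SOURCE, body) or "ok")
```

The source comparison only applies to static pages; for dynamically generated pages, the check for script content after the closing `</html>` tag still works on its own.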
"The [hacker] domain is no longer available," said Ken Dunham, director of malicious code research at iDefense. "Although it could be due to high levels of traffic to the site, it's more likely it's been made unavailable because of the malicious content it was hosting." McAfee's virus research manager, Craig Schmugar, also confirmed that the site was down.
While that eliminates the immediate threat to Internet Explorer users -- with the site offline, nothing can be downloaded to compromised machines -- this is nowhere near the end of the story, security experts said.