The official website of Stephenie Meyer (stepheniemeyer.com), the author of the world renowned Twilight book series, was turned into a zombie by cybercriminals who took advantage of the site's popularity to host a Crimepack exploit kit on it.
GFI experts report that Avast noticed the attack on the writer’s site. Coincidentally, similar to Meyer’s books, unsuspecting internet users who got “bit” by the nasty infection had their computers turned into zombies.
The crooks would then use these zombie computers as part of a botnet designed to spread spam and launch denial of service (DOS) attacks.
Back in 2010 security investigator Brian Krebs detailed the effects of the malicious Crimepack exploit kit, which at the time was among the best-selling exploit packs a cybercriminal could buy.
The exploit pack is designed to look for unpatched security holes in products such as Java, PDF readers, Internet Explorer, LibTIFF, which we’ve seen earlier as being used a lot these days, Webstart, and other popular software components.
Crimepack’s advanced control panel allows the masterminds controlling it to see exactly which vulnerabilities they exploit, which operating systems their victims use, and which browsers. The dashboard also permanently informs them on the number of victims and their country of origin.
Currently, Stephenie Meyer’s site is malicious code free, but to make sure that their computers cannot be turned into zombies after visiting compromised websites, users are advised always to apply security updates when they’re made available by the vendor.
Most pieces of malware still rely on vulnerabilities that were patched up by the developers years ago, which is why it’s important to ensure that products such as Adobe Reader, the web browser, Adobe Flash Player and Java are always up to date, not to mention the antivirus solution.
Internauts who have visited the site in the past period and fear that their computers may be infected should run a full system scan with a reliable antivirus.