Sophos is warning computer users to be vigilant following its discovery that legitimate web pages on the website of Adobe Systems were hosting malicious code that can infect visiting computers.
Sophos identified the threat, known as Mal/BadSrc-C, on the Fortune 1000 company's 'Vlog It support center section' – an area providing tips for video bloggers – on Friday 3 October. Despite repeated attempts by Sophos to contact Adobe about the problem, the malicious code was still present several days later.
Mal/BadSrc-C is a dangerous piece of malware that spreads by infecting the PCs of unsuspecting users with SQL injection attacks which download more malicious scripts from the net, and ultimately infect victims with spyware.
"Incidents like this show once again that even established and respected companies like Adobe are not immune to the growing tide of web-based malware attacks. These infections are insidious, meaning the most well-intentioned Internet users can be hit without knowing it," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Afirca.
With over 90% of web infections now found on legitimate sites, companies need to take control to avoid putting potential customers at risk.
"Organisations need to ensure that their websites are properly coded and that security is in place to stop these kinds of attacks," says Myroff.