Security firm Trend Micro websites hijacked

Trend Micro fell victim to a widespread web attack that affected dozens of legitimate web sites since last week, although Google estimates that 20 million websites could have been hit by the vulnerability.

A Trend Micro spokesperson acknowledged that the company's website had been under attack since Thursday.

But some reports say that pages altered by hackers have started to spread Trojan horse to unsuspecting Trend Micro website visitors as early as Sunday 9th March 2008.

The hackers used a malicious iFrame exploit to install the password-stealing programs with particular interest in online video games; sites using Microsoft's Active Server Page technology and phpBB forums were especially affected.

Mike Sweeny, a Trend Micro spokesman said "A portion of our site, some pages were attacked, We took the pages down overnight Tuesday night and took corrective action."

On Sunday, Raymond Genes, Trend Micro's CTO provided more details "On the 12th of March, we discovered that around 25 web pages had been infiltrated; these pages were English and Japanese pages concerned with malware, including our Virus Encyclopedia. When this infiltration was discovered, by our own monitoring tools, we shut down the site for approximately nine hours in order to run a forensic analysis and do a permanent fix".