Password-stealing hackers infect thousands of Web pages

Discussion in 'malware problems & news' started by ronjor, Mar 13, 2008.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,803
    Location:
    Texas
    Story
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Just think of it like going to a hotel room. You are using something that others have used before. You never know what you will pick up. :rolleyes: :gack:
     
  3. Dorn

    Dorn Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    34
    wow if they can infect the trend micro website then the trend are not so good at giving protection.
    I remember someone said that they had the best antivirus but it doesnt seem so o_O
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    The quality of an AV has nothing to do with a hacked website. This is becoming a very common occurrence and it's happened to other security sites as well.

    From the article:
    If you keep everything up to date, then you have nothing to worry about :).
     
  5. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I agree with innerpeace, the quality of an AV has nothing to do with hacked web sites...
    They are looking for vulnerable php scripts or others like ajax or Java... so be on the lookout when you build web sites that you update the scripts you use to add value features... That is what they are looking to exploit!

    Unfortunately many developers build in the features but never update the scripts to keep them secure... There lies the vulnerability! Also very few web sites have technology to monitor hacks to script engines for their sites... it's technically complex so most never bother... It can also be expensive bandwidth wise and most due to a lack of understanding delegate the security to the Web server security instead of monitoring the sites themselves for code injections or SQL injections via vulnerable bi directional scripted gateways.

    Typically the hackers will use web crawlers, and spiders practically identical to those used by search engines to craw a web site to build and profile all vulnerable scripts it can find then it attacks them with code injections... sometimes it will do so blindly without even scanning... I guess not all hackers are created equal.

    For example yesterday I had a hacker trying to inject code into one of my web sites. 8 code injections attacks in total from 4 different countries... (All the same hacker probably).

    He was scanning for the following vulnerable scripts:

    Here is a small but very fresh sample of what they are usually looking for:

    Webmasters You could be at risk if you run one of these scripts :
    ActiveCalendar / ActiveKB / Artmedic CMS / Bubbling Library / Dayfox Blog / eNetman / ISS Proventia GX5008 / ISS Proventia GX5108 / L2J Statistik Script / Minki / PHPDJ / Synergiser / Verlihub Control Panel / ZPanel
     
    Last edited: Mar 20, 2008
  6. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Will Noscript and Firefox with adblock plus stop this? Noscript has an option to block web bugs.
     
  7. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Well.. If you mean the examples I produced in my previous post, no as these are scripts on web servers within the sites themselves. The hacks the scans are seeking to inject in this case are in those sites Not on your pc. However as far as you browsing to a site with the exploit active, then yes Noscrip should be able to protect you given that you do not enable the scripts with the hacks. Unfortunately it is difficult to juge which scripts to allow simply based on a visit. One must be able to recognize a hack from a legitimate script to allow it safely...

    This is why I recommend the trio Firefox w/NoScript + Linkscanner Pro + SiteAdvisor as they sort of complement each others as well as work as a fail safe mechanism when one may miss a bad script the other might catch it...
     
Loading...
Thread Status:
Not open for further replies.