back to article Mass compromise powers massive drive-by download attack

More than 10,000 web pages have been booby trapped with malware in one of the largest attacks of its kind to date. Compromised web pages include travel sites, government websites, and hobbyist sites that have been modified with JavaScript code that silently redirects visitors to a site in China under the control of hackers. …

COMMENTS

This topic is closed for new posts.

FFS

Malware is fast overtaking spam as an absolute pain in the arse. People should be shot for this kind of thing.

0
0
Rob
Go

@ Andy Turner

"Malware is fast overtaking spam as an absolute pain in the arse. People should be shot for this kind of thing."

If it's any consolation, in China there's a good chance that they will be. ISTR that the usual protocol involves sending their families a bill for the bullet...

0
0
Linux

Play the shame game

So where's the list of sites affected? All that is spread is FUD if you don't make clear who/what to avoid.

If a truly "major" site was infected, it's important for its visitors to know.

Of course, all of the references at McAfee's Avert Labs appear to point to ActiveX - not a problem for this Linux fanboy - but unfortunately I have friends and relatives using Winblows, and if there's a reasonable chance that one of these 10,000 sites is on their list of regulars, I'd like to forewarn them appropriately.

0
0
Paris Hilton

Spam = Malware = Spam

They're inextricably linked and often come from the same gangs. Firefox + Noscript should prevent most malware redirection attempts, we need to spread the word.

Paris? Already being spread.

0
0
Paris Hilton

Trusted websites?? didnt know they excisted.

again they target "Trusted" websites.. maybe people should stop using the term "trusted website" and use something like "seems to work so far"

Paris because even she knowns beter.

0
0

Shooting bastards...

Yes, we should start shooting malware creators and other low-life.

And we should start by shooting those who run 'bulletproof hosting' services. They're the easiest of the low-life to be found)

Without those servers, it would be very difficult for Pill-peddlers and other low-life to set up shop, and without shops, why bother to send out SPAM?

The same goes for Malware. Many of them also need a 'discreet' hosting service. And if they can't get hosting for their files...

There's also the 'Dynamic DNS' services.

This is sometimes used to poing idiots(those who read spam) to 'shops' hosted on compromised servers or PCs.

These services are really meant for 'low volume' usage(someone accessing his PC from the office, a 'home-brewed' game server or that sort), so it should be possible for them to 'switch off' the translation of a particular server name if the activity suddenly peaks...

Why don't they?

0
0

An unfortunate new trend

There seems to be a trend of attacking web communities developing right now. I traced the miscreants responsible for an attack on two communities I deal with as a punter back to sites allied to the RBN (Russian Business Network), and am of the opinion that this is far from unique. After all, the returns are potentially far higher - the perps know the central themes in the community fora and can target scams more accurately. More return, less work.

Trusted Websites ? That's an oxymoron isn't it ? In the case above though, I was one of the few that got away without getting compromised.

0
0
Dead Vulture

RE: Play the shame game

"So where's the list of sites affected? All that is spread is FUD if you don't make clear who/what to avoid."

Exactly. Warnings without names are pointless noise. Please don't waste our time.

0
0
Linux

Linux? Maybe, maybe not

As a "Linux Fanboi", I'd have to say that currently Linux users have some protection from this---but although I believe *nix is generally more secure, if it had anywhere near the popularity that Windows has with end-users, I'm sure there would be many more exploits. Right now its comparative rarity and the lack of total interoperability between different flavors of Linux makes it more secure.

For everyone, I'd personally recommend Firefox and a script blocker like "NoScript" IE's headed in the right direction, but the annoying and worthless popups that you have to click through to get anything to work causes them to undermine their own usefulness---after a while, people will blindly just 'click it' when IE "cries wolf", or lower their security settings out of annoyance when they get a bland and uninformative warning every time they try to do something.

I recently installed the beta of XP SP3 on one of my Windows boxes, and the generic warning to the effect of: "this contains a potential security risk" when doing something as innocuous as copying files across the network is useless and maddening...

0
0
Alert

China Domain?

And where is the pointing China Domain?

If we got this info we can block out going traffic to it...

0
0
Coat

Surely Phorm

Would have protected us. With this wonderful antiphishing service of theirs.

0
0
Heart

A Modest Proposal

OK, *another* Modest Proposal:

Both US and UK Special Operations teams need lots of training in order to stay sharp for real warfare.

I suggest those teams be assigned to identify all members of the RBN, hunt them down, and capture, or if capture is not practical, kill them.

And I really am serious. Wipe out the RBN and you'll eliminate a huge volume of spam, and make it possible for Joe Sixpack to pay his mortgage (because he didn't stupidly get fleeced by an RBN spammer).

Once the RBN is down, move on to the next-largest spam/malware gang. Lather, rinse, repeat.

The heart icon, because that's what I want: The warm, still-beating hearts of the RBN members ripped from their chests on live Webcam.

0
0
Linux

Only IE seems to be affected.

From original report by McAfee Avert Labs, it seems that only users running Internet Explorer wold be affected, since the exploits us Active Xcontrols that are not implemented in Mozzilla browsers. The attack involves injection of script into valid web page to include a reference to a malicious .JS file which loads an HTML file that attempts to exploit vulnerabilities such as:

* MS06-014

* RealPlayer (ActiveX Control)

* Baofeng Storm (ActiveX Control)

* Xunlei Thunder DapPlayer (ActiveX Control)

* Ourgame GLWorld GlobalLink Chat (ActiveX Control).

So you should be safe if you use any non-microsoft browser (like Firefox, or any mozzilla browser).

0
0

firfox + noscript ...

SImply run Opera. Problem solved.

0
0
Black Helicopters

And the servers?

The "vulnerable" servers are likely to be ( again ) LAMP servers. If this could make the penguins shut up a bit.. The last infection of this kind was based on a linux kernel rootkit ..

0
0
Pirate

Double hit for Microsoft

Not only are the exploits used to infect users all in IE but all the infected sites are using ASP. So both their client and server software is vulnerable ... terrific.

I'm surprised Microsoft doesn't just move into the malware and virus business full time! They are missing out, everyone is exploiting the potential to make money from their software and they aren't taking their cut?

0
0
Silver badge
Go

To all calling for death to the scum

I'm very pleased to see my recent campaigns to institute public execution of these filth seem to be gaining support! My preferred method is mass public hanging; it's more spectacular and dramatic than shooting. :D So, all together now... 1... 2... 3...

Ch-klick... HOCK! OOOORRRRAAAAAYYYYYYY!!

0
0
Thumb Down

Why do ISP not just block this server

End Done Fin

0
0
Unhappy

Is Noscript really a panacea?

So many sites rely on scripts that I have scripting allowed on many of the sites I visit. Then if the evil script is hosted by the site I am visiting, Noscript won't help.

0
0

We shouldn't use the phrase "Trusted site"

If your PC is connected to the Real Internet (as opposed to the Happy La La Internet some people seem to think is out there) it should be hardened against malware so that if you ever click on an inappropriate link in Google you don't get hosed. You can't reliably avoid "untrusted sites"; you need to be prepared for the day you accidentally end up on one.

If you need me, I'll be in the basement, stockpiling canned food and dried goods.

0
0
Happy

Yes, NoScript is effective in this case too

@Tony W:

in all these attacks the malicious scripts, even if embedded in "trusted" pages, are actually loaded from sites you're very unlikely to have ever heard of, hosted in obscure Chinese servers.

When you allow the "trusted" page to execute JavaScript, NoScript still prevents 3rd party scripts from loading unless you explicitly allow them too one site by one: hence yes, NoScript is an effective protection in this case as well.

0
0
This topic is closed for new posts.

Forums