FFS
Malware is fast overtaking spam as an absolute pain in the arse. People should be shot for this kind of thing.
Mass compromise powers massive drive-by download attack
More than 10,000 web pages have been booby trapped with malware in one of the largest attacks of its kind to date. Compromised web pages include travel sites, government websites, and hobbyist sites that have been modified with JavaScript code that silently redirects visitors to a site in China under the control of hackers. …
-
Thursday 13th March 2008 14:10 GMT Del Merritt
Play the shame game
So where's the list of sites affected? All that is spread is FUD if you don't make clear who/what to avoid.
If a truly "major" site was infected, it's important for its visitors to know.
Of course, all of the references at McAfee's Avert Labs appear to point to ActiveX - not a problem for this Linux fanboy - but unfortunately I have friends and relatives using Winblows, and if there's a reasonable chance that one of these 10,000 sites is on their list of regulars, I'd like to forewarn them appropriately.
-
Thursday 13th March 2008 14:16 GMT Trygve Henriksen
Shooting bastards...
Yes, we should start shooting malware creators and other low-life.
And we should start by shooting those who run 'bulletproof hosting' services. They're the easiest of the low-life to be found)
Without those servers, it would be very difficult for Pill-peddlers and other low-life to set up shop, and without shops, why bother to send out SPAM?
The same goes for Malware. Many of them also need a 'discreet' hosting service. And if they can't get hosting for their files...
There's also the 'Dynamic DNS' services.
This is sometimes used to poing idiots(those who read spam) to 'shops' hosted on compromised servers or PCs.
These services are really meant for 'low volume' usage(someone accessing his PC from the office, a 'home-brewed' game server or that sort), so it should be possible for them to 'switch off' the translation of a particular server name if the activity suddenly peaks...
Why don't they?
-
Thursday 13th March 2008 14:34 GMT Andy Enderby
An unfortunate new trend
There seems to be a trend of attacking web communities developing right now. I traced the miscreants responsible for an attack on two communities I deal with as a punter back to sites allied to the RBN (Russian Business Network), and am of the opinion that this is far from unique. After all, the returns are potentially far higher - the perps know the central themes in the community fora and can target scams more accurately. More return, less work.
Trusted Websites ? That's an oxymoron isn't it ? In the case above though, I was one of the few that got away without getting compromised.
-
Thursday 13th March 2008 16:12 GMT Anonymous Coward
Linux? Maybe, maybe not
As a "Linux Fanboi", I'd have to say that currently Linux users have some protection from this---but although I believe *nix is generally more secure, if it had anywhere near the popularity that Windows has with end-users, I'm sure there would be many more exploits. Right now its comparative rarity and the lack of total interoperability between different flavors of Linux makes it more secure.
For everyone, I'd personally recommend Firefox and a script blocker like "NoScript" IE's headed in the right direction, but the annoying and worthless popups that you have to click through to get anything to work causes them to undermine their own usefulness---after a while, people will blindly just 'click it' when IE "cries wolf", or lower their security settings out of annoyance when they get a bland and uninformative warning every time they try to do something.
I recently installed the beta of XP SP3 on one of my Windows boxes, and the generic warning to the effect of: "this contains a potential security risk" when doing something as innocuous as copying files across the network is useless and maddening...
-
-
Thursday 13th March 2008 19:50 GMT Morely Dotes
A Modest Proposal
OK, *another* Modest Proposal:
Both US and UK Special Operations teams need lots of training in order to stay sharp for real warfare.
I suggest those teams be assigned to identify all members of the RBN, hunt them down, and capture, or if capture is not practical, kill them.
And I really am serious. Wipe out the RBN and you'll eliminate a huge volume of spam, and make it possible for Joe Sixpack to pay his mortgage (because he didn't stupidly get fleeced by an RBN spammer).
Once the RBN is down, move on to the next-largest spam/malware gang. Lather, rinse, repeat.
The heart icon, because that's what I want: The warm, still-beating hearts of the RBN members ripped from their chests on live Webcam.
-
Thursday 13th March 2008 19:50 GMT John Rotomano
Only IE seems to be affected.
From original report by McAfee Avert Labs, it seems that only users running Internet Explorer wold be affected, since the exploits us Active Xcontrols that are not implemented in Mozzilla browsers. The attack involves injection of script into valid web page to include a reference to a malicious .JS file which loads an HTML file that attempts to exploit vulnerabilities such as:
* MS06-014
* RealPlayer (ActiveX Control)
* Baofeng Storm (ActiveX Control)
* Xunlei Thunder DapPlayer (ActiveX Control)
* Ourgame GLWorld GlobalLink Chat (ActiveX Control).
So you should be safe if you use any non-microsoft browser (like Firefox, or any mozzilla browser).
-
Friday 14th March 2008 01:40 GMT Anonymous Coward
Double hit for Microsoft
Not only are the exploits used to infect users all in IE but all the infected sites are using ASP. So both their client and server software is vulnerable ... terrific.
I'm surprised Microsoft doesn't just move into the malware and virus business full time! They are missing out, everyone is exploiting the potential to make money from their software and they aren't taking their cut?
-
Friday 14th March 2008 01:40 GMT Steve Roper
To all calling for death to the scum
I'm very pleased to see my recent campaigns to institute public execution of these filth seem to be gaining support! My preferred method is mass public hanging; it's more spectacular and dramatic than shooting. :D So, all together now... 1... 2... 3...
Ch-klick... HOCK! OOOORRRRAAAAAYYYYYYY!!
-
Friday 14th March 2008 09:44 GMT Dr Patrick J R Harkin
We shouldn't use the phrase "Trusted site"
If your PC is connected to the Real Internet (as opposed to the Happy La La Internet some people seem to think is out there) it should be hardened against malware so that if you ever click on an inappropriate link in Google you don't get hosed. You can't reliably avoid "untrusted sites"; you need to be prepared for the day you accidentally end up on one.
If you need me, I'll be in the basement, stockpiling canned food and dried goods.
-
Friday 14th March 2008 10:15 GMT Giorgio Maone
Yes, NoScript is effective in this case too
@Tony W:
in all these attacks the malicious scripts, even if embedded in "trusted" pages, are actually loaded from sites you're very unlikely to have ever heard of, hosted in obscure Chinese servers.
When you allow the "trusted" page to execute JavaScript, NoScript still prevents 3rd party scripts from loading unless you explicitly allow them too one site by one: hence yes, NoScript is an effective protection in this case as well.
This topic is closed for new posts.
Biting the hand that feeds IT
