Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hack Attack Hits 10,000 Web Sites

Started by Major Payne , Jan 21 2008 04:23 PM

  • Please log in to reply

#1
Major Payne
Posted 21 January 2008 - 04:23 PM

Major Payne

    Retired Staff

  • Retired Staff
  • 5,307 posts

A large-scale hack of legitimate Web sites to infect visitors' PCs is much more massive than first thought, researchers said Friday. At least 10,000 sites have been compromised, and have hijacked unpatched systems that steered to their URLs.

On Monday, Mary Landesman, a senior security researcher at ScanSafe Inc., said that she had uncovered hundreds of sites which had been hacked and were feeding exploits to visitors. Friday, Don Jackson, a senior researcher with Atlanta-based SecureWorks Inc., said the number was considerably larger.

According to ScanSafe's data, approximately 10,000 sites hosted on Linux servers running Apache, the popular open-source Web server software, have been hacked, most likely with purloined log-in credentials. Those servers have been infected with a pair of files that generate constantly-changing malicious JavaScript. When visitors reach the hacked site, the script calls up an exploit cocktail that includes attack code targeting recent QuickTime vulnerabilities, the long-running Windows MDAC bug, and even a fixed flaw in Yahoo Messenger.

If the visitor's PC is unpatched against any of the nine exploits Jackson listed, it's infected with new variant of Rbot, the notorious backdoor Trojan he called "a very nasty piece of software." The end result: The PC is added to a botnet.

Jackson's can't prove how the sites were originally hacked, but all the evidence points to the theft of log-on credentials; one reason why he came to that conclusion is that hosts that have been cleaned of the infection -- or in some cases even had Linux reinstalled -- are quickly reinfected.

"There was no sign of brute forcing [of passwords] just prior to the infection," said Jackson, "but attackers hosting companies are hit all the time with password attacks. It's part of doing business."

Earlier in the week, Landesman of ScanSafe drew a link between the security breach at U.K.-based Fasthosts Ltd., that country's largest Web hosting vendor, and the site hacks, saying then that the domains ScanSafe had found infected had, or had recently had, a relationship with Fasthosts.


More...

Ron
  • 0

Advertisements

Back to Off-Topic · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Discussion
  3. Off-Topic

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP