Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hackers Attack Trend Micro

Started by CamTheMan , Apr 18 2008 10:32 PM

  • Please log in to reply

#1
CamTheMan
Posted 18 April 2008 - 10:32 PM

CamTheMan

    Member

  • Member
  • PipPipPip
  • 222 posts

Posted Image


Security vendor Trend Micro has fallen victim to a widespread Web attack that splashed malicious software onto hundreds of legitimate Web sites in recent days.

A Trend Micro spokesman confirmed that the company's site had been hacked Thursday, saying that the attack took place earlier in the week. "A portion of our site -- some pages were attacked," said Mike Sweeny, a Trend Micro spokesman. "We took the pages down overnight Tuesday night -- and took corrective action."

On Thursday security vendor McAfee reported that more than 20,000 Web pages have been affected by the attack. The pages are infected with malicious code that tries to install password-stealing software on the PCs of people who visit the sites.

Researchers are still not sure how the attackers are managing to hack these Web pages, but the pages all seem to use Microsoft's Active Server Page (ASP) technology, which is used by many Web development programs to create dynamic HTML pages. A software bug in any of those programs is all the attackers need to install their malicious code.

The infected Web pages are not obviously malicious, but the attackers have added a small bit of JavaScript code that redirects visitors' browsers to an invisible attack launched from servers based in China. This same technique was used a year ago, when attackers infected the Web sites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game.

The JavaScript attack code hosted on these infected Web sites takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.

If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including the "Lord of the Rings Online."

It's embarrassing when security vendors fall victim to the attacks they are supposed to prevent, but Trend Micro is not the only company to have had its Web site hacked in recent months. In January, parts of CA's Web site were infected with a very similar type of attack.



Source:
http://www.pcworld.c...,1/article.html
  • 0

Advertisements

#2
Sockdown
Posted 18 April 2008 - 10:47 PM

Sockdown

    Member

  • Member
  • PipPipPip
  • 393 posts
Wow. That must really suck. I mean, like the article says: "It's embarrassing when security vendors fall victim to the attacks they are supposed to prevent". But, new techniques are developed everyday. If there's a way in, there's a way out, I say.
  • 0

#3
CamTheMan
Posted 18 April 2008 - 11:48 PM

CamTheMan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 222 posts
Oh yea no doubt I would be really embarrassed...

But you got to move on....

Maybe they should try
http://firewallscript.com/
  • 0
Back to Off-Topic · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Discussion
  3. Off-Topic

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP