Spam is Back in Full Force

May 1st, 2008

Symantec’s Monthly State of Spam report for March showed an increase in bounced messages, the result of spammers forging sender email addresses and using them in the “From” header of their own spam messages.

In a technique reminiscent of backscatter, spammers are taking advantage of mail transfer agents configured to send back a list of failed recipient addresses, an explanation of the cause of failure, and a copy of the original email. This opens a window for spam attacks, as anti-spam filters do not block most “failed email” replies. Since spammers forge the sender’s address, this mail is going to be received by people who have nothing to do with the spam.

Corporate networks will feel the greatest burden of the increased attacks. Increased bandwidth use and more unwanted spam messages in users’ inboxes will result in lost productivity. Networks are encouraged to configure mail transfer agents not to send back a copy of the original failed message and to require signatures for outgoing emails.

Author: Christopher

IIS vulnerability spreads like a forest fire

April 24th, 2008

Almost 300,000 web sites hosted with Internet Information Services are infected with new malware, according to PandaLabs. By injecting SQL code into all pages hosted on the same IIS server, hackers exploiting this vulnerability can redirect visitors to a malicious site. The malicious page scans the visitor’s machine to find ways to compromise it. Exploits are then downloaded and used to infect the redirected visitor based on the information found in the scan.

If your site is hosted with Internet Information Services, it is highly recommended that you check whether it has been compromised. To do so, search your source code for the following script reference: “<script src=http://www.nihaorr1.com/1.js>”. If this reference is found, remove it immediately and notify your IIS admin right away.
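The search described above can be automated. This added example (not part of the original post) parses page source and flags the quoted host in any casing or quoting style and, going beyond the single string in the post, any other script loaded from a host that is not on an allowlist. The function names, the file extensions and the `cdn.example.org` allowlist entry are assumptions.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlsplit

KNOWN_BAD_HOSTS = {"www.nihaorr1.com"}  # host from the reference quoted in the post
PAGE_EXTENSIONS = {".asp", ".aspx", ".htm", ".html"}  # assumed page file types
# Constructed sample: a local script, the injected reference, and a CDN script.
SAMPLE_PAGE = ('<script src="/js/site.js"></script>\n'
               '<SCRIPT SRC=http://www.nihaorr1.com/1.js></SCRIPT>\n'
               '<script src="//cdn.example.org/lib.js"></script>\n')


class ScriptSrcCollector(HTMLParser):
    """Records (line, src) for every <script> tag, quoted or unquoted, any case."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.sources.append((self.getpos()[0], dict(attrs)["src"].strip()))


def scan_markup(markup, allowed_hosts=frozenset()):
    """Return (line, src, verdict) for each script loaded from another host."""
    collector = ScriptSrcCollector()
    collector.feed(markup)
    findings = []
    for line, src in collector.sources:
        host = urlsplit(src).hostname  # None for relative (same-site) URLs
        if host in KNOWN_BAD_HOSTS:
            findings.append((line, src, "known-injected"))
        elif host and host not in allowed_hosts:
            findings.append((line, src, "unexpected-external"))
    return findings


def scan_tree(root, allowed_hosts=frozenset()):
    """Scan page files under root; returns {path: findings} for files with hits."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in PAGE_EXTENSIONS:
            hits = scan_markup(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    print(scan_markup(SAMPLE_PAGE, {"cdn.example.org"}))
```

Because the injection described in the post arrives through SQL, the reference may live in database content rather than in files on disk, so it is worth feeding the rendered output of each page to `scan_markup` as well as running `scan_tree` over the web root.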

Author: Christopher

Top attacks used by hackers - March 2008

March 17th, 2008

1,800 attacks were registered throughout the United States over the last month, almost 20% higher than the previous month. Foreign-based attacks showed a decline of 4.5%, resulting in over 2,800 attacks originating from foreign IP space.

Top 5 attacks used by U.S. hackers

  • Cisco IOS HTTP Server HTML auto-view exploit
  • Hacktool FxScanner detection
  • PerlCal CGI reconnaissance directory traversal
  • PHPNuke reconnaissance directory traversal
  • Cisco IOS denial of service attack using non-standard protocol

Top 5 attacks used by foreign hackers

  • Generic File Inclusion Attack
  • Mambo register_globals Emulation Layer Overwrite
  • HTTP overflow attack
  • phpBB Activity Module File Inclusion
  • WebDAV Overflow Attempt

Author: Christopher

Alexa Top 100 Domains compromised

February 28th, 2008

While Finjan was researching a server hosting a new version of the NeoSploit crimeware toolkit, a database of over 8,000 FTP accounts was uncovered. Login usernames and passwords for 10% of Alexa’s top 100 domains are in the database. A majority of the accounts originate in the United States.

Also uncovered was a trading application that rates the quality of the compromised accounts according to the location of the FTP server. This allows hackers to put a price on the stolen accounts.

These login credentials were stolen by appending an HTML iframe tag onto the victim’s website. This type of attack we are finding almost every day during our own research. Finjan identified government websites hosting similar malicious code. An example they talked about was a website belonging to a State Superior Court.

Finjan is offering to identify whether your website appears in this database if you fill out this form.

Author: Christopher

Top Hacker Attacks - November 2007

December 8th, 2007

Top 5 attacks used by U.S. hackers

  1. Generic File Inclusion
  2. Mambo register_globals Emulation Layer Overwrite
  3. File Inclusion attacks against php developed applications
  4. Microsoft Windows COM Objects Handling Vulnerability
  5. Nachi Worm WebDAV attack

Top 5 attacks used by foreign hackers

  1. HTTP overflow attack
  2. Generic File Inclusion Blocking HTTP Incoming
  3. WebDAV Overflow Attempt
  4. Mambo register_globals Emulation Layer Overwrite
  5. phpBB Activity Module File Inclusion

Source: SecureWorks

Author: Christopher

An Inconvenient Truth of blogging

December 1st, 2007

Al Gore’s WordPress blog promoting his film “An Inconvenient Truth” was recently hacked to carry links selling online pharmaceuticals. These types of attacks are far too common, with spammers looking for ways to peddle their wares. Like many other blog platforms, WordPress has been plagued with security exploits and vulnerabilities.

Hackers compromise high-profile sites like these to build legitimate links to their empire of sites, driving traffic storms and search engine rank.

One of the most effective ways to protect your blogs is to keep the software up to date. It is also common for hackers to add malicious code to blog skins, then distribute them publicly through sites like WP-Shere.

Author: Christopher
