Alexa Top 100 Domains compromised

February 28th, 2008

While Finjan was researching a server hosting a new version of the NeoSploit crimeware toolkit, a database of over 8,000 FTP accounts was uncovered. Login usernames and passwords for 10% of Alexa’s top 100 domains are in the database. A majority of the accounts originate in the United States.

Also uncovered was a trading application that rates the quality of the compromised accounts according to the location of the FTP server. This allows hackers to put a price on the stolen accounts.

These login credentials were stolen by appending an HTML iframe tag onto the victim’s website. We are finding this type of attack almost every day during our own research. Finjan identified government websites hosting similar malicious code. An example they talked about was a website belonging to a State Superior Court.

Finjan is offering to check whether your website appears in this database if you fill out this form.
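
A defensive check for the iframe tampering described above, as an added example that is not from Finjan or the original post: it parses a page and reports iframes that load from a different host, noting whether the tag sits after the closing `</html>` and whether it is hidden. The hidden/zero-size heuristic, the host names and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeAudit(HTMLParser):
    """Collect iframes that load from another host, with the traits that make them suspicious."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.html_closed = False   # becomes True once </html> has been seen
        self.findings = []         # list of (src, [reasons])

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if not host or host == self.site_host:
            return  # relative or same-host frame: not what this check looks for
        reasons = ["external host " + host]
        if self.html_closed:
            reasons.append("appended after </html>")
        style = a.get("style", "").replace(" ", "").lower()
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden or zero-size")  # assumed heuristic, not from the post
        self.findings.append((src, reasons))


def audit_page(html, site_host):
    """Return the list of (src, reasons) for every cross-host iframe in html."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample pages (not taken from any real site).
CLEAN = '<html><body><iframe src="/map.html" width="400"></iframe></body></html>'
TAMPERED = ('<html><body><p>Court calendar</p></body></html>\n'
            '<iframe src="http://stats.example.net/in.php" width="0" height="0"></iframe>')

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_page(page, "www.example.org"))
```

Run it over the files in the web root, or over pages fetched from the live site, and compare the findings against the embeds you know you placed there.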

Author: Christopher

Top Hacker Attacks – November 2007

December 8th, 2007

Top 5 attacks used by U.S. hackers

  1. Generic File Inclusion
  2. Mambo register_globals Emulation Layer Overwrite
  3. File Inclusion attacks against php developed applications
  4. Microsoft Windows COM Objects Handling Vulnerability
  5. Nachi Worm WebDAV attack

Top 5 attacks used by foreign hackers

  1. HTTP overflow attack
  2. Generic File Inclusion Blocking HTTP Incoming
  3. WebDAV Overflow Attempt
  4. Mambo register_globals Emulation Layer Overwrite
  5. phpBB Activity Module File Inclusion

Source: SecureWorks

Author: Christopher

An Inconvenient Truth of blogging

December 1st, 2007

Al Gore’s WordPress blog promoting his film “An Inconvenient Truth” was recently hacked with links selling online pharmaceuticals. These types of attacks are far too common, with spammers looking for ways to peddle their wares. Like many other blog platforms, WordPress has been plagued with security exploits and vulnerabilities.

Hackers compromise high-profile sites like these to gain legitimate links to their empire of sites, building traffic storms and search engine rank.

One of the most effective ways to protect your blogs is to keep the software up to date. It is also common for hackers to add malicious code to blog skins and then distribute them publicly through sites like WP-Shere.

Author: Christopher

Hundreds of infected machines per hour

November 24th, 2007

A new MSN Messenger botnet is growing by hundreds of computers per hour. This Trojan is another IRC bot variant that spreads through MSN Messenger by sending itself in a zip file under two file names, both masquerading as digital camera images, one ending with .exe and the other with .pif. These attachments may arrive in messages from a known contact on your “buddy list”. This is the first Trojan found to date that scans for VNC connections (remote access), likely looking to increase the botnet’s number of connections.

Author: Christopher

Top 5 Hacker Attacks – October 2007

November 9th, 2007

Top 5 attacks used by U.S. hackers

  1. Internet Explorer 6 Buffer Overflow
  2. Generic File Inclusion
  3. Mambo register_globals Emulation Layer Overwrite
  4. Microsoft Windows COM Object Handling Vulnerability
  5. Internet Explorer HTML Help Remote Code Execution

Top 5 attacks used by foreign hackers

  1. HTTP overflow attack
  2. Generic File Inclusion
  3. WebDAV Overflow Attempt
  4. Mambo register_globals Emulation Layer Overwrite
  5. phpBB Activity Module File Inclusion

Author: Christopher

Top 5 Attacks used by hackers

October 19th, 2007

US Hackers

  1. Internet Explorer 6 Buffer Overflow
  2. Internet Explorer HTML help Remote Code Execution
  3. Internet Explorer redirect to local file
  4. SomeFool.p
  5. Zone Spoofing

Foreign Hackers

  1. HTTP overflow attack
  2. Generic File Inclusion
  3. WebDAV Overflow Attempt
  4. Mambo register_globals Emulation Layer Overwrite
  5. phpBB Activity Module File Inclusion

Source: SecureWorks

Author: Christopher