Over 70,000 sites hacked

February 4th, 2008

Late in December 2007, something Roger Thompson of Grisoft characterized as “a pretty good mass hack” compromised tens of thousands of websites, including edu and gov domains, with an automated SQL injection. The hack exploited a Microsoft SQL Server vulnerability that was over a year old, one that was patched in early 2006 by the MS06-014 security update. The hack injected an iterative SQL loop into the databases, and that loop appended a JavaScript tag to every column of text. The script instructs browsers reaching the site to execute another script hosted on a malicious server. From what is known, those hacked appeared to have little in common except a weak spot in their SQL Server databases. Since those hacked are not bragging about it, the identities of the hackers, as well as their actual purpose, were and remain unclear.

Although the mass hack was cleaned up in record time, quickly relieving many fears of disastrous consequences, the possibilities from the hack may have been broader than what actually took place. One professional web developer responding on Thompson’s blog anxiously noted, “Looks like exploits for Y! Messenger, IE TIFF overflow and RealPlayer are also in there. Yikes.” Symantec and other experts analyzing the JavaScript itself agreed that the malicious script targeted a RealPlayer bug, one much more recent than the server vulnerability. The RealPlayer bug had been found and fixed in October 2007, only a couple of months before the hack.

Those hacked were not simply at-home users or amateur server owners. According to Thompson, who reported the hack on January 5, 2008, “some victims were pretty sophisticated in terms of security smarts, including, apparently, some Computer Associates pages.” While it appears that no serious damage resulted from this particular hack, its massive size leaves many users troubled about other, equally exploitable bugs that may exist in their own server farms.


Author: Christopher


Apple joins the army

December 31st, 2007

A recent Forbes article describes a Lieutenant Colonel of the Army purchasing Apple Macintosh computers to decrease the risk of exploitation, primarily in response to the security breach of the Pentagon back in June as well as a few other incidents. It is widely argued that Macintosh computers are more secure than Windows- and Linux-based computers because fewer vulnerabilities exist for the Mac platform.

What I never hear talked about in these discussions is the alarming fact that Macintosh had five and a half more vulnerabilities per month on average than Windows throughout the year 2007. You can see the details and the numbers in a recent ZDNet article. It is quite common to see Macintosh users without any active anti-malware (virus, worm, trojan, spyware) protection.

Back in April, 3Com held a short-lived contest in which a fully patched Macintosh laptop was compromised for a prize of $10,000 and the MacBook.


Author: Christopher


An Inconvenient Truth of blogging

December 1st, 2007

Al Gore’s WordPress blog promoting his film “An Inconvenient Truth” was recently hacked to insert links selling online pharmaceuticals. These types of attacks are far too common, with spammers looking for ways to peddle their wares. Like many other blog platforms, WordPress has been plagued with security exploits and vulnerabilities.

Hackers compromise high-profile sites like these to plant legitimate-looking links to their empire of sites, driving traffic and search engine rank.

One of the most effective ways to protect your blog is to keep the software up to date. It is also common for hackers to add malicious code to blog skins and then distribute them publicly through sites like WP-Shere.


Author: Christopher


Major websites hosting malicious ads

September 26th, 2007

Sites like MySpace and Photobucket are seeing a significant number of malicious banner ads planted on their pages. Other high-volume sites are noticing similar occurrences of difficult-to-detect JavaScript-based trojan downloaders.

These types of threats are very dangerous because you do not have to click on the ad to be infected. These ads are not automatically filtered by Right Media’s ad servers because the trojan writers add code that does not display the infected ad when the request comes from a Right Media IP. These ‘Agent’ trojans are becoming popular vehicles for delivering more dangerous malware.


Author: Christopher


More computer sabotage

September 24th, 2007

Yung-Hsun Lin recently pleaded guilty to writing and installing a logic bomb on the company network at Medco Health Solutions. Concerned he might be laid off, he planned on disrupting Medco Health Solutions’ ability to know if a customer’s new prescriptions would have adverse interactions with their existing prescriptions.

Fortunately, another administrator found the threat before it had a chance to go off. Medco estimates the problem cost them between $70,000 and $120,000 to clean up.

If convicted, Lin could be facing 10 years in prison, although his plea deal is for 30 to 37 months.


Author: Christopher


Hard Drives, now with free viruses

September 19th, 2007

According to a recent press release, Kaspersky reported finding the Virus.Win32.AutoRun.ah virus on brand new Maxtor 3200 Personal Storage drives sold in the Netherlands.

The virus searches a computer for gaming passwords and deletes MP3 files. Kaspersky speculates these drives were somehow infected during the formatting process.


Author: Christopher
