More of The Same: Another Half Million Web Sites Compromised
Posted: Sat May 10, 2008 11:28 pm
More of The Same: Another Half Million Web Sites Compromised
Excert */
There’s no breathing easy when it comes to online security these days. As some several thousands of Web sites try to recover from being hacked via SQL injection barely two days ago, in comes another massive attack on more than half a million Web sites.
Advanced Threats Research Program Manager Ivan Macalintal found the malicious script JS_SMALL.QT injected into various Web sites believed to be either using poorly implemented phpBB, or are using older, exploitable versions of the said program. In the past, some of these compromised sites were found to have been riddled with “phake pharma” and porn comment spam, while others were seen to be previously defaced by underground hackers. Advanced Threats Researcher Alice Decker have seen infections relating to this malicious script as early as February this year.
This compromise is almost similar to the mass compromises that we’ve seen earlier — visiting a compromised site leads to a series of redirections, which eventually causes the downloading of malware. In this case, TROJ_ZLOB.CCW is on the tail-end. In true ZLOB fashion, this variant poses as a video codec installer
/* Excert End
to read the full story please viist :: http://blog.trendmicro.com/more-than-a- ... mpromised/
Excert */
There’s no breathing easy when it comes to online security these days. As some several thousands of Web sites try to recover from being hacked via SQL injection barely two days ago, in comes another massive attack on more than half a million Web sites.
Advanced Threats Research Program Manager Ivan Macalintal found the malicious script JS_SMALL.QT injected into various Web sites believed to be either using poorly implemented phpBB, or are using older, exploitable versions of the said program. In the past, some of these compromised sites were found to have been riddled with “phake pharma” and porn comment spam, while others were seen to be previously defaced by underground hackers. Advanced Threats Researcher Alice Decker have seen infections relating to this malicious script as early as February this year.
This compromise is almost similar to the mass compromises that we’ve seen earlier — visiting a compromised site leads to a series of redirections, which eventually causes the downloading of malware. In this case, TROJ_ZLOB.CCW is on the tail-end. In true ZLOB fashion, this variant poses as a video codec installer
/* Excert End
to read the full story please viist :: http://blog.trendmicro.com/more-than-a- ... mpromised/