Hackers infiltrated popular tech business site eWeek.com using Google's DoubleClick banner ads as a vehicle. Websense caught the malicious coding and published its results, which spurred eWeek to scour its code and remove all phony advertisements.
The pest, named Anti-Virus-1, is complicated and smart. The advertisements are for antivirus software, and when a user clicks on them, the ads redirect to a pornography Website through a series of iframes. Then a PDF pops up loaded with evil code, exploiting a weakness currently festering in the Adobe systems; or the file index.php redirects to the rogue ad server. The server places a file named "winratit.exe" into the user's temporary files folder, where it stays, all without any user interaction.
If the user tries to cleanse the computer by visiting any of several popular software downloading sites, the hack has a twist of the blade waiting: the hosts file is modified to redirect to even more malicious Websites offering further rogue downloads.
eWeek may not be the first popular Website to be attacked. "Given DoubleClick's tremendous reach, it's possible the rogue ads have shown up on Websites other than eWeek," Websense Vice President of Security Research Dan Hubbard told The Register.
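The hosts-file tampering described above can be checked for directly. The following is an added example, not code from Websense or eWeek: it audits a hosts file for entries that override a watch list of domains. The article does not name the affected download sites, so the watch list and the sample file use reserved `.example` names and documentation IP ranges as assumptions.

```python
import ipaddress

# Hypothetical watch list: the article does not name the download sites,
# so reserved .example names stand in for them.
WATCHED = {"downloads.example", "antivirus-vendor.example"}

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, verdict) for entries overriding a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address, skip the line
        for name in entry[1:]:  # one line may map several names
            host = name.lower().rstrip(".")
            if not any(host == d or host.endswith("." + d) for d in watched):
                continue
            # Loopback/unspecified addresses sinkhole the name;
            # any other address sends the user to a different server.
            sinkholed = ip.is_loopback or ip.is_unspecified
            verdict = "blocked" if sinkholed else "redirected"
            findings.append((line_no, str(ip), host, verdict))
    return findings

# Constructed sample input, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    downloads.example www.downloads.example   # added entry
198.51.100.7    WWW.Antivirus-Vendor.Example
0.0.0.0         update.antivirus-vendor.example
192.0.2.10      intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean workstation normally has no entries at all for public download or antivirus sites, so any finding deserves a look.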
Friday, February 27, 2009
Wednesday, February 25, 2009
Following the news that hackers took control of Twitter accounts belonging to a number of celebrities including Barack Obama and Britney Spears, security firm Sophos has revealed that Miley Cyrus is the latest celebrity to have her account with the micro-blogging service compromised.
Cyrus, who stars in the Disney Channel show 'Hannah Montana' and is the daughter of country-music legend Billy Ray Cyrus, found hackers had left poorly-spelt offensive messages on her Twitter page, after accessing her account details. The micro-blogging service has since shut down the page.
"This is just the latest hacking incident to happen on Twitter and chances are it's not going to be the last," said Graham Cluley, senior technology consultant at Sophos.
"Cybercriminals are only ever one step behind the latest computer craze and as tweeting has been growing in popularity, the hackers have been quick to realise the potential in hacking these accounts."
"It appears that Miley didn't learn the lesson last year and hasn't been taking enough care over her password security," Cluley added in reference to an incident last year when hackers broke into her email account and stole photographs of the star, which were later posted on the web.
Tuesday, February 24, 2009
What's the most common type of malware on the Internet? Viruses? Botnet code? How about password-stealing worms, designed to victimize online gamers?
Microsoft said Thursday it had removed nearly 1 million samples of a particularly virulent password-stealing worm in the first half of February. The company's Malicious Software Removal Tool (MSRT) rooted out more than 981,000 copies of a family of programs called Win32/Taterf, best known for stealing usernames and passwords for games such as World of Warcraft, Legend of Mir and Gamania.
Taterf has been especially widespread for months now. Microsoft removed more than 700,000 copies of it in one day alone last year. The worm is a mutated version of another password stealer, known as Win32/Frethog -- Microsoft has zapped nearly 317,000 copies of Frethog this month.
Online passwords are a popular target because they can be turned to cash, often in untraceable ways. The criminals use the hacked accounts to steal characters and virtual gold or other treasures, which are then sold to fans who pay real-world cash.
Although China has traditionally been the top spot for password-stealing infections, that seems to be changing, Microsoft said in a blog posting. In the first week of February, the top three countries, ranked by number of Taterf infections, were the U.S., Taiwan and Korea, respectively.
The MSRT is available free of charge to Windows users, and it gets monthly updates from Microsoft. Because it is so widely used, it can have a major effect on any piece of malware. MSRT is credited with crushing the notorious Storm worm in 2007.
This month Microsoft added MSRT detection for another notorious botnet, called Srizbi. Total number of Srizbi infections removed since the update: 38,697.
Thursday, February 5, 2009
Mozilla developers released the latest version of their Firefox browser Tuesday, version 3.0.6, which fixes several security bugs in the software.
The update, Firefox's first of the year, also fixes five other security bugs in the browser, all of which are considered less critical.
The update includes some other performance and stability improvements, including new code that will help scripted commands, such as those used by Adblock Plus, to work better with plug-ins, and addresses a few display issues reported by users.
Tuesday, February 3, 2009
A total of 6.37 billion text messages were sent through their messaging systems across Asia Pacific over the 2008/2009 Christmas and New Year period.
According to Acision, the communication solutions provider, short message service (SMS) messages formed a large majority of the traffic with 6.36 billion messages, while multimedia messaging service (MMS) messages were recorded at 9.54 million messages.
Philippines sent most messages
The top five countries with the highest SMS traffic processed over the festive season were the Philippines, again leading the ranking with 2.36 billion messages, closely followed by Indonesia (1.193 billion), Malaysia (1.075 billion) and Pakistan (763 million).
Boudewijn Pesch, managing director of Acision, Asia Pacific, said, "The festive season still remains a favourite high traffic period for operators and consumers alike. Compared to last year's traffic, this year the total messaging traffic in Asia Pacific grew by 40 percent."
MMS picks up
"In addition, we are seeing MMS traffic picking up pace across the region with 9.5 million MMS messages processed during this festive season. MMS traffic is bound to increase as consumers become increasingly savvy in interacting with their personal blog sites and applications such as Facebook", Pesch said.
In terms of year-on-year growth, Pakistan traffic volume grew by 253 percent compared to last year during the same period. Other markets that experienced high messaging growth include Philippines (65 percent), Australia (57 percent), Indonesia (27 percent) and Malaysia (13 percent).
"We are seeing a continued demand for robust and reliable SMS infrastructure and high quality end-to-end SMS solutions, as more and more mobile operators place their trust in the Acision's high performance SMSC", Pesch said.
Monday, February 2, 2009
The odds are pretty good that this will never happen to you, but should a floating head of U.S. President Barack Obama pop up on your desktop Monday morning, know this: You've been hit with the Obama worm.
The worm was spotted this past Monday after it infected PCs at a preparatory school in Metairie, Louisiana, and was first reported by Walling Data, a value-added reseller in Claremont, North Carolina. Though it is not detected by any antivirus products right now, it is not considered to be a serious threat because it has infected so few systems.
The worm spreads via USB drive, using the Windows autorun feature to install itself automatically on any drive it connects with. Unlike most of today's profit-driven malware, the Obama worm doesn't steal your credit card number or turn your PC into a remote-controlled zombie system. In fact, it isn't designed to do anything besides float a small picture of Obama at the bottom right corner of your desktop all day every Monday.
Unfortunately, it is so badly written that the worm gradually renders any PC it is run on completely useless, according to Rob Koliha, Walling Data's director of innovation. "It will basically prevent execution of any kind of files."
Because antivirus programs don't detect it yet, it's also hard to know when you've been infected, except on Monday.