Pownce Refugees

Keeping the community alive, post Pownce

SkiCat56

Big-name sites spread latest malware infections

Going by such names as Gumblar, JSRedir-R, Martuz, and Beladin, a new generation of malware has managed to surreptitiously place malicious JavaScript code on tens of thousands of popular Web sites.

Top Story, June 11, 2009
By Susan Bradley
http://windowssecrets.com/2009/06/11/01-Big-name-sites-spread-latest-malware-infections

The hacker scripts try to infect site visitors and then attempt to use their compromised PCs to spread the infection to yet other sites.

Over the past month, the security services ScanSafe and Sophos have reported infections on such major Web sites as ColdwellBanker.com, Variety.com, and Tennis.com. Niels Provos reported in the Google security blog on June 3 that sites infected with Gumblar numbered about 60,000. Visitors became susceptible to infection simply by opening the sites in Internet Explorer.

After the script infects a PC, it attempts to spread its code to any Web site accessible via that machine's FTP client, if one is present. Webmasters often use FTP to make changes to the sites they manage. If FTP software is configured to save a webmaster's sign-in information, the malware can edit itself into a Web site's pages.
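The propagation path described above ends with a script tag edited into pages the webmaster did not write. A webmaster who keeps a local checkout of the site can catch that with a plain file check rather than by inspecting the server through the same (possibly compromised) FTP client. The following is an added example, not code from the article or from any security vendor: it walks HTML files and reports script tags that load from a host outside an allowlist, plus inline scripts that carry the usual markers of a packed payload (`eval`/`unescape` calls, dense `%XX` escape runs). The allowlist, the heuristic thresholds, and the sample pages are constructed for this example; the "injected" host name is a made-up `.invalid` name, not a real indicator.

```python
"""Report script tags in a site checkout that a webmaster did not put there.

Heuristics only: an external script host outside ALLOWED_SCRIPT_HOSTS, or an
inline script that looks machine-packed. Treat hits as leads to inspect.
"""
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist for the example site. A real webmaster lists the
# hosts the site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "example.com", "ajax.googleapis.com"}

# Calls commonly used to unpack an obfuscated payload at runtime. Legitimate
# code can use them too, so this is a flag for review, not proof of infection.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "String.fromCharCode")
ESCAPE_RUN_THRESHOLD = 20   # %XX or \xNN escapes per inline block (assumed)


class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies from one page."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of <script src="...">
        self.inline = []        # bodies of <script>...</script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser delivers <script> contents as CDATA through handle_data.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def looks_obfuscated(js):
    """True if an inline script carries unpack markers or dense escape runs."""
    body = js.strip()
    if not body:
        return False
    if any(marker in body for marker in OBFUSCATION_MARKERS):
        return True
    escapes = re.findall(r"%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}", body)
    return len(escapes) > ESCAPE_RUN_THRESHOLD


def scan_html(html):
    """Return a list of (kind, detail) findings for one page's HTML."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        host = urlparse(src).hostname
        # A relative src has no host and is served by the site itself.
        if host and host.lower() not in ALLOWED_SCRIPT_HOSTS:
            findings.append(("external-script", src))
    for js in parser.inline:
        if looks_obfuscated(js):
            findings.append(("obfuscated-inline", js.strip()[:60]))
    return findings


def scan_tree(root):
    """Walk a site checkout; map each file with findings to its findings."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith((".html", ".htm", ".php")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_html(fh.read())
                if hits:
                    report[path] = hits
    return report


# Constructed sample pages for the example (not captured from a real site).
CLEAN_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
</head><body>
<script>var year = new Date().getFullYear(); document.getElementById('y').textContent = year;</script>
</body></html>"""

# Same page with a foreign script host and a packed inline payload appended.
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<script src="http://stats.not-a-real-host.invalid/x.php"></script>\n'
    '<script>document.write(unescape("%3C%73%63%72%69%70%74%3E%61%6C%65%72'
    '%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"));</script>\n</body>')

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(label, scan_html(page))
```

Run `scan_tree("/path/to/site-checkout")` against a copy pulled from a known-good backup as well as the live files; a difference in findings between the two is the quickest sign that pages were edited outside the normal publishing process. The escape-run threshold and marker list are deliberately loose, so expect to tune them against the site's own legitimate scripts.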

Once a PC is running this class of malware, the hacker code tries to trick the user into opening infected PDF and Flash files. If the PC has an unpatched version of Adobe Reader, Acrobat, or Flash, opening an infected file can install a keylogger or other malware. In the case of Gumblar, Google search results in an Internet Explorer window are rewritten — in a way that end users may not notice — so the links point to hacker sites laden with infected PDF and Flash.

Security firms have made efforts to block domains that serve as malware destinations in this latest round of attacks. But the bad guys quickly move to substitute other domains in what has been compared to a game of Whack-a-Mole.

Meanwhile, it's not so easy to shut down a well-known, legitimate site that's infected (although many such sites have quickly been cleaned up). You can't protect yourself simply by visiting only "trusted" sites, because there's no easy way for an end user to determine whether a legitimate site is infected.

Fortunately, you can stack the odds in your favor by following the guidelines in the Windows Secrets Security Baseline:

* Step 1: Use a hardware firewall.
* Step 2: Install a set of security software.
* Step 3: Scan your system regularly with a software-update service (more on these below).
* Step 4: Use Mozilla's Firefox or Google's Chrome browser, both of which are more secure than Internet Explorer.


© 2009 Created by Heidi Cool on Ning.
