From Websense Security Labs
Early last week, we posted an alert about a mass injection attack in the wild we named Nine-Ball. This attack compromised over 40,000 legitimate Web sites in an ongoing campaign. The scale of the attack was spotted June 2, 2009, and since then the campaign has evolved several times. In this blog we will provide further detail and analysis on the Nine-Ball campaign. Read the full post [Websense.com].
From Websense Security Labs
Criminals often register their own domain name to perform phishing attacks. Unlike the other common phishing site scenarios (including hacked servers, open redirects, and abuse of free webhosting), phishing sites that have their own domain name can be harder to remove, because the website owner and domain owner is the fraudster. Only the hosting and DNS providers and the domain registrar are able to take the site down and also likely to cooperate. Read the full story [netcraft.com]
From MediaPost (Laurie Sullivan)
A wave of fake Twitter email invitations sent in hopes of luring people to unzip a file to find out who invited them has been hitting unsuspecting victims. The message carries a mass-mailing worm. It looks around on infected computers and sends emails to addresses it finds.
The message appears as if it came from a Twitter account, but unlike a legitimate Twitter message, there is no invitation URL in the body of the email. Instead, the user sees an attachment that appears as a .zip file containing an invitation card. When the zip file is opened, the virus spreads. Read the full story [mediapost.com]
Enterprise IT security staffs looking for some mitigation for the newly released HTTP DoS tool may have a few options. The analysts at the SANS Internet Storm Center are recommending that organizations running Web servers that are vulnerable to the tool’s attack make some basic configuration changes to their servers to help mitigate the effects of the attack.
From PC World (Erik Larkin)
It doesn’t take much to get started in Internet crime these days. Find the right site, hand over $50, and you can start wreaking havoc with 1,000 already-infected PCs.
Finjan, a San Jose, CA security company, looked into the “Golden Cash” site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs (or pay others to do so) with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn’t cost much. Read the full story [pcworld.com]
From Computerworld (Gregg Keizer)
A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today. Read the full story [cio.com]. Also see commentary from Roel Schouwenberg [viruslist.com].
A security researcher who specializes in browser and Web 2.0 vulnerabilities plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem.
The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff. It will disclose a combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws that put Twitter users at risk of malicious hacker attacks.
From The Register (Dan Goodin)
A targeted attack against a U.K.-based Web hosting company has destroyed the data of an estimated 100,000 of the company’s customers’ sites. Vaserv.com was hit by an attack this weekend that exploited a flaw in a virtualization application the company was running, leading to the erasure of mass amounts of customer data.
Misspelled versions of two popular Google services are among the Top 10 sites hosting exploits for use in drive-by malware download attacks.
From eWEEK (Matt Hines)
Researchers with security training experts SANS Institute have reported the emergence of a new wave of attacks seeking to take advantage of trust in online banking sites and digital certificate e-banking security programs.
The involved attacks target customers of Bank of America, asking targets to click through from e-mail-borne links to URLs where they are asked to upload new digital certs to protect themselves when e-banking. Read the full story [eweek.com]