Browsing Category: Malware

Categories: Malware, Web Security

A security researcher who specializes in browser and Web 2.0 vulnerabilities plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem.
The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff.  It will disclose a  combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws that put Twitter users at risk of malicious hacker attacks.

Read more...

Categories: Malware

From The Register (Dan Goodin)
A targeted attack against a U.K.-based Web hosting company has destroyed the data of an estimated 100,000 of the company’s customers’ sites. Vaserv.com was hit by an attack this weekend that exploited a flaw in a virtualization application the company was running, leading to the erasure of mass amounts of customer data.

Read more...

Categories: Malware

From eWEEK (Matt Hines)
Researchers with security training experts SANS Institute have reported the emergence of a new wave of attacks seeking to take advantage of trust in online banking sites and digital certificate e-banking security programs.
The involved attacks target customers of Bank of America, asking targets to click through from e-mail borne links to URLs where they are asked to upload new digital certs to protect themselves when e-banking.  Read the full story [eweek.com]

Read more...

Categories: Malware

From TechTarget (Brian Sears)

I recently read an article where two experts expressed different ideas of what Conficker represented. One expert argued that Conficker was clearly not a botnet, as it lacked some of the basic abilities typically found in botnets. While the other expert said Conficker indeed was a botnet, In the end they both agreed Conficker represented a significant threat. So what is Conficker? Well in the case of our two experts, they were both right and wrong. In my opinion, Conficker appears as a package or a mesh of several different threats, each one with its own purpose. Read the full story [techtarget.com]

Read more...

Categories: Malware

From The Register (Dan Goodin)

A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday [websense.com].

The infection sneaks malicious javascript onto the front page of websites, most likely by exploiting a common application that leads to a SQL injection, said Stephan Chenette, manager for security research at security firm Websense. The injected code is designed to look like a Google Analytics script, and it uses obfuscated javascript, so it is hard to spot. Read the full story [theregister.co.uk]

Read more...

Categories: Malware

From CNet (Elinor Mills)

The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.

The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K. Read the full story [cnet.com]

Read more...