New malware attack infecting Web sites
Security firm Websense has put out an advisory warning Web site owners about malicious code that redirects surfers to seemingly safe sites.
About 40,000 Web sites appear to have been compromised with rogue JavaScript code that redirects Web surfers to a fake Google Analytics site, after which they get passed on to a site that tries to exploit Internet Explorer or Firefox vulnerabilities to infect that PC with malware, according to a Websense researcher quoted by Computerworld. Just for good measure, if the site can't find a browser vulnerability, it tries to trick the user into downloading a Trojan.
It's not clear how the sites were compromised, but Computerworld reported the redirect sites are being hosted in the Ukraine, implying that the Russian Business Network is behind the threat.
This is a separate scam from the Gumblar attack that made the rounds last week, according to Websense.
Tom Krazit writes about the ever-expanding world of Internet search, including Google, Yahoo, online advertising, and portals, as well as the evolution of mobile computing. He has written about traditional PC companies, chip manufacturers, and mobile computers, spending the last three years covering Apple.





It's because Macs, especially the laptops, are clean and sleek looking, so art people like them. And of course, many art people own them, so it's easier to take a picture of their own computer and then play with that.
And yes, this malware will likely not impact Firefox for the Mac (and since there is no IE for Mac, it can't hurt Mac users that way).
BTW, for users of Windows XP and 2000, you can learn how to indiscriminately lock your machine down against remote attacks (including the one this blog talks about) here: http://invincible-windows.blogspot.com/
Click where you're told, and "/usr/bin/say" will be executed on your machine with user permissions. Sun released a patch for this months ago; don't know if Apple has integrated it yet.
As far as CanSecWest is concerned, just Google "Dino Dai Zovi" and "Charlie Miller." Last year, Vista was apparently successfully infiltrated through a Flash vulnerability on the third day; I can't verify whether or not UAC was enabled.
Apple only has authentication which, just like with limited user accounts in Windows XP, are merely speed bumps to remote attackers, not obstacles. Vista adds ASLR, kernel patch protection, UAC, and a host of other mitigations. And I haven't heard of a drive-by download affecting Linux.
You are spreading FUD. It was a hack of WebKit, and was patched immediately. WebKit is open source, not Apple. CanSecWest is designed to try to crack Apple. From the way it is marketed to the way they relax rules to the way they identify systems to the way they set up the systems, and the low prize money, it is designed to reward Mac hackers (there is little to no market for Mac exploits), while any good Windows hacker will sell their hack for more than the $10,000-$20,000 prize.
But you are right, once Mac is more exposed, the value of the hacks may go up, and then the CanSecWest successes won't be valuable anymore.
Actually, we're talking Safari vulnerabilities, drive-by downloads. That's why the Mac keeps getting hacked on day 2, when they could only get Vista on day 3.
And what is this issue about CanSecWest trying to crack Apple? I'm not talking about Hack a Mac. Three different platforms, all worth money, all with bragging rights. According to Miller, he went after Apple not for bragging rights, but for the opposite reason. Read his comments here: http://blogs.zdnet.com/security/?p=2941
Re: FUD, no sour grapes, please. I'm trying to have a civilized debate.
When someone says, "dont forget mac dont get virus," that's fooling people. I came to clarify that the Mac doesn't "get viruses" because no one writes them, not because it has a magical kernel. Thank you for seconding my statement.
Your lack of knowledge regarding Macs is astounding. I wouldn't know where to start .... maybe by pointing out that OS X is a derivation of OpenBSD ("Darwin")? That's right - it's Unix at its core.
All those nifty M$ marketing names you pulled out are an attempt at mimicking what Unix has had for the last 40 years. Problem is twofold - first off M$ can't implement anything right themselves without screwing it up to make it proprietary and unfriendly to everyone, second they intentionally made UAC annoying to their customers. They claimed it was to pressure the driver writers to make better code, but the fact remains.
In short, get off the street corner before someone calls the police. Prostitution is illegal, you know.
"Your lack of knowledge regarding Macs is astounding. I wouldn't know where to start .... maybe by pointing out that OS X is a derivation of OpenBSD ("Darwin")? That's right - it's Unix at its core."
>>>>MY lack of knowledge? Why don't we start with the fact that OS X is NOT based on security-heavy OpenBSD, but rather on FreeBSD and NetBSD. OOPS!! Someone didn't do their homework.
"All those nifty M$ marketing names you pulled out are an attempt at mimicking what Unix has had for the last 40 years. Problem is twofold - first off M$ can't implement anything right themselves without screwing it up to make it proprietary and unfriendly to everyone, second they intentionally made UAC annoying to their customers. They claimed it was to pressure the driver writers to make better code, but the fact remains."
>>>>What are you talking about? UAC has to do with security, not drivers. And the fact that it's been foiling Conficker and Mebroot (which have been plaguing XP users with inadequate security) almost makes it look like MS has a clue. As far as MS not being able to implement anything without screwing it up, I'll point out that the Mac was supposed to have ASLR, and it doesn't work worth a lick. That's why it's always the first to fall at CanSecWest, and why everyone says it's easy and "fun" to go bug hunting on OS X, while Vista is "hard work." We'll have to wait and see if Snow Leopard is any better (and if it turns the firewall back on).
That said, it's mostly Windows loyalists who are talking about how "annoying" UAC is. Obviously they've never used Linux or Mac OS, both of which have their own authentication mechanisms. What exactly do you think UAC does, smart guy? Obviously you haven't even read up on it, much less used it.
"In short, get off the street corner before someone calls the police. Prostitution is illegal, you know."
>>>>I've been shooting down your fallacies for a month now, posting quotes, links, and explanations every time. This is one of the first times you've actually worked up the nerve to try and come up behind me, and what a pitiful effort it was. You don't know nearly enough about computers (Mac OR otherwise) to be rebutting me. Your slip-up re: OpenBSD highlights this fact. Go back to school.
Running Firefox with the NoScript extension would most likely nip this in the bud. I'm assuming, hopefully, that if someone is smart enough to run NoScript then they wouldn't fall for the fake security warning. Vista users, with UAC turned on, would probably be safer than XP users as long as they don't automatically click past the UAC pop-up.
Anyone can design a web site using a wide variety of apps to do it, even a simple text editor. Just about anyone can write code or scripts. Far too few of them are concerned with security. Secure code can't be emphasized enough, regardless of the OS being used. This emphasis on security needs to be taught by all educational institutions that offer programming courses and followed up by the institutions that offer certification. It's a mindset that needs to be encouraged and reinforced as a priority from day one.
by Michichael June 3, 2009 10:14 AM PDT
Old news. I would like to point out that the payloads consist of a Flash attack, PDF attack, GDI attack and another patched vulnerability attack.
If you're up to date with your Flash, PDF, and MS updates, you're set to go.