Samsung Electronics' U.S. Web site is hosting a Trojan horse that logs keystrokes, disables antivirus applications and steals online banking access codes, according to Internet security company Websense.
"Currently, there is no exploit code on the Web site that attempts to trigger a download of the file without user interaction," Websense said in an alert this week. "The site is hosting and most likely distributing files to users who are lured through instant messaging or e-mail links."
Joel Camissar, Australian country manager for Websense, told ZDNet Australia that Samsung has been informed about the issue but has not yet removed the offending files.
"As of (Friday morning Sydney time), the malicious code on the Web site was still active," he said.
According to Websense's alert, the site "has been hosting a number of directories and files which, when downloaded and run, install malicious code on end-users' machines. The server appears to have been compromised and has been hosting a variety of files for some time."
Camissar acknowledged it was possible that the hackers who compromised Samsung's server would have been able to modify the company's Web site so that visitors using a vulnerable browser would become automatically infected with the malicious software.
"Why not hack into a site that people are visiting that is a trusted brand? Trust is so important these days. People are being preached to by banks not to trust links (in unsolicited e-mails)--that is something people are starting to follow. So if one does go to a site that is trusted, it is certainly a very easy way for hackers to compromise users," Camissar said.
"It's worth noting that most high-impact attacks may be performed on popular sites where someone has embedded an attack in an otherwise benign location for user-created content, advertisements, or comments. Sure, there will be enticements to bring people to outright nasty sites loaded with exploits, but a more successful and insidious attack would leverage a person's trust of an already known, popular site," wrote Cole.
Cole said these kinds of attacks are still in the early stage. "From port scanning to fingerprinting and basic network mapping, all done using the Ajax group of technologies, it's clear that we've only begun to see what's possible via malicious Web sites," he wrote.
"While they may not have the immediate impact of a WMF-style vulnerability (i.e.: remote admin-level control), they leave no trace once the browser is closed and don't rely on a researcher uncovering a Godzilla-style hole in a popular Web browser," he added.
Last month, the School of Media, Film and Theater at the University of New South Wales acknowledged that one of its Mac servers had been compromised and used to host a potentially malicious file, which was disguised as a Microsoft security patch.
I find this second-to-last paragraph fairly interesting:
"Last month, the School of Media, Film and Theatre at the University of New South Wales admitted that one of its Mac servers had been compromised and used to host a potentially malicious file, which was disguised as a Microsoft security patch."
It's interesting for a few reasons:
1. The link supplied takes you to an unrelated news.com article about email scams claiming to be winblows security updates or giveaways for iPods, but nowhere does it mention the server at the University of New South Wales nor a compromised Mac server.
2. Doing a google search for "university south wales mac compromised" gives a few hits (as expected, with all those search terms:), but the only one I saw mentioning a compromised Mac at the University of New South Wales claims the file was apparently placed on the machine by a local user - which doesn't really sound that "compromised" to me (read: it wasn't hacked).
3. What does this have to do with the rest of the article, which claims there is a trojan horse sitting on Samsung's web server?
Hmm, I'm getting dizzy from all the spin in that paragraph. Did Micro$loth complain about the content of the article and "request" (read: pay) to have that misleading paragraph inserted, or did it come from a winblows fanboy writing or editing the article?
I have a feeling we'll keep seeing more of this sort of threat. Like the article mentions, people are getting smarter about email that's coming into their inbox (<a class="jive-link-external" href="http://essentialsecurity.com/Documents/article20.htm" target="_newWindow">http://essentialsecurity.com/Documents/article20.htm</a>), but the average person isn't prepared to deal with malicious files that are imbedded in trusted sites.
Thanks to the powers that be where Microsoft only has a fairly insignificant server market share. (www.netcrat.com) Otherwise we would be seeing this more often.
I believe he meant www.netcraft.com. There you'll find a monthly web site survey. But after years of valuable data I don't know how much stock you can put in it now, with single events causing large movements in the numbers. i.e. GoDaddy's parking of domains swung from Apache to MS servers made for a few percentage points. Now there are free blog's with host names, Microsoft adding 1.3 million free names @ Windows Live Spaces or something like that. But one thing does remain, Microsoft never really made it in the server space. Good thing. I sure wouldn't want my web services relying on Microsoft technologies, dealing with the security issues and reliability of a typical Microsoft OS.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
European Union grants unconditional approval for $12.5 billion deal, but says it will monitor Google's and rival's use of patents to make sure that the deal complies with antitrust rules.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
We've got an itch to touch us some Super Stars and get all Mario on some poor unfortunate bitmappy baddies. Looks like Converse is set to hand us just the footwear for the job.
"Last month, the School of Media, Film and Theatre at the
University of New South Wales admitted that one of its Mac
servers had been compromised and used to host a potentially
malicious file, which was disguised as a Microsoft security
patch."
It's interesting for a few reasons:
1. The link supplied takes you to an unrelated news.com article
about email scams claiming to be winblows security updates or
giveaways for iPods, but nowhere does it mention the server at
the University of New South Wales nor a compromised Mac
server.
2. Doing a google search for "university south wales mac
compromised" gives a few hits (as expected, with all those
search terms:), but the only one I saw mentioning a
compromised Mac at the University of New South Wales claims
the file was apparently placed on the machine by a local user -
which doesn't really sound that "compromised" to me (read: it
wasn't hacked).
3. What does this have to do with the rest of the article, which
claims there is a trojan horse sitting on Samsung's web server?
Hmm, I'm getting dizzy from all the spin in that paragraph. Did
Micro$loth complain about the content of the article and
"request" (read: pay) to have that misleading paragraph inserted,
or did it come from a winblows fanboy writing or editing the
article?
What the he11 was the malware?
How are we supposed to ensure that the files that customers may have downloaded are not infected?
Just my 2¢. Collect the whole dime...