At some point within the last week, some MySpace user pages were seeded with malicious computer code. The malicious code seeks to exploit Microsoft Windows and Internet Explorer using . The hope is that you haven't patched your computer yet. If you're a MySpace visitor and you visit one of the infected pages, you'll be redirected to a fake MySpace log-in page aiming to steal the visitor's MySpace user name and password. The attack employs phishing and drive-by download techniques.
SANS' Internet Storm Center offers a detailed breakdown of the attack.
As the automated Mpack attack continues to turn thousands of legitimate Web sites into compromised sites offering drive-by downloads of malicious software, security researcher Roger Thompson over at Exploit Prevention Labs reminds us there are other exploits compromising legitimate sites, and some are as easy to find as entering a simple search string on Google. For more than a week (starting before the current Mpack attack), Thompson has been posting a list of dangerous search strings on his blog site. I've collected these and indicated in parentheses some of the known exploits associated.
- atlas mountains country (WebAttacker 2 or MPack)
- rotweiller rescue
- North Padre Island (WebAttacker 2 or Mpack)
- arches national park (WebAttacker 2 or MPack)
- canyonlands national park
- mass lottery
- air disasters in Florida (WebAttacker 2)
- cd key windows xp profesional
- batmobile for sale
- victoria's secret (fake codec)
- pokemon ruby gamesharks
- blue book (mdac exploit)
- IBM stock
- pallet fire
- Nigerian economic and financial crimes
- who's a rat
Exploit Prevention Labs makes LinkScanner, a browser plug-in that will identify and block known exploits on tainted sites before you download the page. There are other safe surfing tools available as well; some are free.
Criminal hackers are flying well below the radar these days with a new technique that, according to security vendor Finjan, marks a new level of sophistication among criminal hackers. Documenting this trend in its latest Web Security Trends Report, Finjan calls these "evasive attacks" because of their stealth-like quality. First, criminal hackers use a cross-site scripting attack to place an IFrame that calls down malicious code on a popular Web site. That part is not new. What is new is the fact that the end-user is hit with the malicious code only once, making it hard for network forensics tools to spot the new attack vector, or for end-user protection to block it.
Finjan says in its Q2 2007 report the new attack is so sophisticated that the second time the user visits the infected site, all traces of the malicious code simply vanish. Moreover, since the malicious code can determine and hide itself from repeat visitors, it can also identify Web crawlers and hide itself from search engines, URL filtering, and reputation filters as well.
- prev
- 1
- next
