Tuesday, January 22, 2008

Hack of Legitimate Web Sites Larger Than First Thought

In a follow up to a story posted last week "Massive Hacking Attack Hits Hundreds of Sites" Computerworld writes "Mass host hack bigger than first thought, hits 10,000 sites.
Some hacked Apache servers reinfected even after clean-up and Linux reinstall".

Last week a senior security researcher at ScanSafe Inc., said that they had uncovered hundreds of sites which had been hacked and were feeding exploits to visitors. According to ScanSafe the number is far higher than originally thought. Reaching approximately 10,000 sites hosted on Linux servers running Apache.

Those servers have been infected with a pair of files that generate constantly-changing malicious JavaScript. When visitors reach the hacked site, the script calls up an exploit cocktail that includes attack code targeting recent QuickTime vulnerabilities, the long-running Windows MDAC bug, and even a fixed flaw in Yahoo Messenger.

ScanSafe originally drew a link between the security breach at U.K.-based Fasthosts Ltd., and the site hacks, saying then that the domains ScanSafe had found infected had, or had recently had, a relationship with Fasthosts.

Fasthosts denied such a cause-and-effect, and cited what it called "technical discrepancies" with Landesman's claims, but said it was investigating nonetheless.

For more information check out the full article at Computerworld.com

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you