Massive Web Based Spyware AttackBest Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
GFI LANguard Network Security Scanner - Dld 30-day trial! del.icio.us  digg  Furl  NewsVine  Spurl  Blinklist  Ma.gnolia  Reddit  Tailrank  YahooMyWeb 
Best Tips
Security Scanner
Security Categories
Advertise With Us!
Latest Viruses / Threats
Downloads
RSS / Atom Feeds
Web Security : Massive Web Based Spyware Attack
Posted by Max on 2008/3/14 13:38:11 (611 reads)
Web Security

More than 20,000 Web pages infected on hundreds of Web sites had been discovered by the researchers from the McAfee Inc. security company. It looks to be a coordinated effort run out of servers in China.

According to Craig Schmugar, a researcher at McAfee's Avert Labs unit, "it does seem like some automation has gone on", since these attacks appeared rapidly.

If in the past hackers used search engines to find out the weak Web sites and exploit them for malicious purposes, now they have added JavaScript code too, in order to redirect visitors' browsers to an undetectable attack coming from the China-based servers. 

The Web sites of the Miami Dolphins and Dolphins Stadium just before the Super Bowl XLI had been attacked in the same way a year ago.

If your software is up to date, you shouldn’t be concerned about, because this kind of attack code takes advantage of bugs that have already been patched. Yet, McAfee advises that caution measures are necessary:  some of the exploits can be obtained form doubtful programs such as ActiveX controls for online games, without being patched, because users don’t assume it is necessary.

Supposing the code is working, a password-stealing program will be installed, that will try to trace passwords for a number of online games. Among them is The Lord of the Rings Online.
The passwords used on the online game are common targets because money can be obtained after stealing and selling many online gaming resources.

Security vendor Finjan Inc. reported that 20,000 Web sites have been infected, in a widespread Web attack, with malicious code that installed in the visitor’s PC data-collecting software.
Because it proved to be difficult to put a stop to, this is an alluring kind of attack for hackers. Schmugar declared that "It's more subtle than spamming a malicious executable file to billions of e-mail addresses".




Other articles
2008/8/21 15:52:01 - BitRoll and Torrent101 Used to Distribute the Lop Adware
2008/8/20 15:06:33 - FRAUDFacts Helps You Fight Identity Theft and Fraud for Life
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft

The comments are owned by the poster. We aren't responsible for their content.