CROPfm Forum

The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer and other applications to break into the PC. A back door also allows the subsequent installation of additional malicious programs.

On the heels of recent iframe attacks, we’re currently tracking another mass compromise. This attack involves injection of script into valid web page to include a reference to a malicious .JS file (sometimes in the BODY, other times in the TITLE section). The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several vulnerabilities, including:

* MS06-014
* RealPlayer (ActiveX Control)
* Baofeng Storm (ActiveX Control)
* Xunlei Thunder DapPlayer (ActiveX Control)
* Ourgame GLWorld GlobalLink Chat (ActiveX Control)

The U.S. Department of Homeland Security (DHS) is conducting the largest cyber security exercise ever organized. Cyber Storm II is being held from March 10-14 in Washington, D.C. and brings together participants from federal, state and local governments, the private sector, and the international community.

Das Department of Homeland Security http://www.dhs.gov hat bekannt gegeben, dass seine National Cyber Security Division diesen März mit "Cyber Storm II" eine umfassende Cyber-Sicherheitsübung durchführt. In den Cyber-Kriegsspielen soll ein groß angelegter Angriff auf Infrastruktur-Sektoren simuliert werden.

The ongoing monitoring of this campaign reveals that the group is continuing to expand the campaign, introducing over a hundred new bogus .info domains acting as traffic redirection points to the campaigns hardcoded within the secondary redirection point, in this case radt.info where a new malware variant of Zlob is attempting to install though an ActiveX object.

The attack seems to have started more than a week ago, and nearly 200,000 web pages have been found to be compromised, most of which are running phpBB. This contrasts yesterday’s attack in that the vast majority of those were active server pages (.ASP). The ASP attacks are different than the phpBB ones in that the payload and method are quite different. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.

Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack..

Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages.

Here's some recent media coverage regarding the SEO poisoning attack through exploiting the ABC of web application security, namely input validation, a good example of tactical warfare combing two different attack tactics, blackhat SEO for traffic acquisition and abusing input validation for injecting iFRAMES, and abusing the sites' search engine optimization practices of storing the now input violated pages.