Viruses & Malware

Typo'd Google domains in Top 10 malware exploit sites

posted on June 4, 2009
by hitbsecnews

Misspelled versions of two popular Google services are among the Top 10 sites hosting exploits for use in drive-by malware download attacks.

On the heels of two massive drive-by attacks — tens of thousands of hijacked sites launching attacks via the browser — Google released a list showing that malicious hackers are typo-squatting on its domains to evade detection and to keep malware sites alive for long periods.

PC-pwning infection hits 30,000 legit websites

posted on May 30, 2009
by hitbsecnews

A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday.

The infection sneaks malicious JavaScript onto the front page of websites, most likely by exploiting a common application that leads to a SQL injection, said Stephan Chenette, manager for security research at security firm Websense. The injected code is designed to look like a Google Analytics script, and it uses obfuscated JavaScript, so it is hard to spot.

Gumblar attack worse than Conficker, experts warn

posted on May 30, 2009
by hitbsecnews

The website compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with web traffic, a security firm said on Thursday.

Mydoom: A lesson in FUD

posted on May 26, 2009
by hitbsecnews

Fear, uncertainty and doubt can have very real effects on security, especially when uninformed 'experts' are too quick to jump to conclusions. Mydoom was an example. In the last week of January 2004, a new worm was discovered squirming its way across the Internet.

Mysterious virus strikes FBI

posted on May 25, 2009
by hitbsecnews

The FBI and the U.S. Marshals Service were forced to shut down parts of their computer networks after a mystery virus struck the law-enforcement agencies Thursday, according to an Associated Press report.

A spokesperson for the U.S. Marshals Service confirmed that it had disconnected from Justice Department computers as a precaution after being hit with the virus, while an FBI spokesperson would only say that it was experiencing similar issues, according to the report.

Kaspersky impressed with Conficker botnet's slickness

posted on May 21, 2009
by hitbsecnews

Cybercrime fighter Eugene Kaspersky can't help but be impressed by the slick operations behind the Conficker botnet, and says that it could have been worse had the botnet been after more than just money.

"They are high-end engineers who write code in a good way," Kaspersky told ZDNet.com.au yesterday. "They use cryptographic systems in the right way, they don't make mistakes — they are really professional."

Conficker still infecting 50,000 PCs per day

posted on May 20, 2009
by hitbsecnews

The Conficker worm is still infecting systems at a brisk rate and continues to snag computers in Fortune 1000 companies, according to security researchers.

The worm is infecting about 50,000 new PCs each day, according to researchers at Symantec, who reported Wednesday that the U.S., Brazil and India have been hit the hardest. "Much of the media hype seems to have died down around Conficker/Downadup, but it is still out there spreading far and wide," Symantec said in a blog post.

New malware attack detected by Sophos

posted on May 20, 2009
by hitbsecnews

A new web-based malware attack comprising almost half of detected infections this week has been detected by IT security and control firm Sophos.

Identified as JSRedir-R, the threat has been found targeting high traffic legitimate websites, surreptitiously loading malicious content from third-party sites. It has been detected by Sophos six times more often than Mal/Iframe-F, which has been the most widespread web-based threat for over a year.

Cybersecurity groups band together in malware fight

posted on May 20, 2009
by hitbsecnews

Three cybersecurity groups said Tuesday they plan to band together to combat the growing scourge of malware.

The Anti-Spyware Coalition, National Cyber Security Alliance, and StopBadware.org said the Chain of Trust Initiative will link together vendors, researchers, government agencies, network providers, and other groups involved in internet security. The members said they want to establish a united front against malware suppliers in much the way groups coalesced to successfully fight providers of adware several years ago.