
Linux really does power the web


Ezekiel

Oct 27, 2009, 3:43:44 PM

Ask Schestowitz for details - his site was recently hacked big time.


<quote>
More than two million more web pages were infected with malware during the
third quarter of 2009 compared to the same quarter last year, according to
data gathered by web anti-malware vendor Dasient.

From July until September, approximately 640,000 different websites - and a
total of 5.8 million pages on those sites - were infected to distribute
malware, Dasient found through studying data collected on its malware
analysis platform.

Of the sites compromised during the third quarter of this year, 54 percent
were infected with malicious JavaScript code and 37 percent were infected
with a malicious IFRAME, Neil Daswani, co-founder of Dasient, told
SCMagazineUS.com on Tuesday.

During August, for example, more than 56,000 sites were compromised via SQL
injection to embed a malicious IFRAME that attempted to load a number of
exploits onto a victim's PC, including backdoors, password stealers and
downloaders, web security firm ScanSafe has reported.
</quote>

http://www.scmagazineus.com/New-data-shows-website-hacks-continue-to-grow-unabated/article/156291/

Justin

Oct 27, 2009, 4:11:15 PM

Question:
what is the breakdown of what the infected servers were running?
http://tinypic.com/r/mvk9px/4

Just found it! It was a legit webpage too.

Rex Ballard

Oct 27, 2009, 6:00:35 PM
On Oct 27, 4:11 pm, Justin <jus...@nobecauseihatespam.com> wrote:
> Ezekiel wrote:
> > Ask Schestowitz for details - his site was recently hacked big time.

> > <quote>
> > More than two million more web pages were infected with malware during the
> > third quarter of 2009 compared to the same quarter last year, according to
> > data gathered by web anti-malware vendor Dasient.

In the October 2009 survey, we received responses from 230,443,449
sites. Apache is responsible for more than 60% of this month's total
growth of 4.3 million sites.

Apache gained 2.6 million sites in total, including 748 thousand new
Apache sites at German hosting company Hetzner Online. Many of
Hetzner's new sites are using the dyns.cx dynamic DNS service, which
allows customers to use hostnames such as yourname.dyns.cx to point to
IP addresses at Hetzner.

http://news.netcraft.com/archives/web_server_survey.html

Netcraft also pointed out that there were 48 Million "Active" sites.

More and more web service providers are letting users update their
sites using SMB shares. This pretty much bypasses all of the usual
checks and security systems and lets a virus update the web share
without the user's knowledge. Add a page with VBScript and Iframes
and you get an invisible ActiveX control that slides right past the
user, and downloads the malware from a site that has nothing to do
with the Linux web site.

The other trouble spot is sharing of Office 2007 attachments, which
can easily be injected with hacks that trick the application into
executing binary code, usually the downloader and the uploader so that
you can "share" with your "friends".

SQL inserts are a problem when the ASP developer doesn't properly
check the input parameters for embedded SQL before turning it over to
SQL server. It's amazing that there are still IIS/ASP/SQLServer
programmers who think that this is a really cool function and
deliberately leave the back door open.

> > were infected with malicious JavaScript code and 37 percent were infected
> > with a malicious IFRAME, Neil Daswani, co-founder of Dasient, told
> > SCMagazineUS.com on Tuesday.

A great way to sneak in viral malware is to create a borderless IFRAME
and use VBScript to pull it across. Be sure to reject the "debug
certificate" used by Microsoft programmers to test code. The default
is to warn you once, but if you assume that it came from Microsoft,
therefore it's safe, then anyone can infect your Windows PC.

> > During August, for example, more than 56,000 sites were compromised via SQL
> > injection to embed a malicious IFRAME that attempted to load a number of
> > exploits onto a victim's PC, including backdoors, password stealers and
> > downloaders, web security firm ScanSafe has reported.
> > </quote>

56,000 out of 48 million, that's one in one thousand. Not great, but
not bad either.

> >http://www.scmagazineus.com/New-data-shows-website-hacks-continue-to-...

> Question:
> what is the breakdown of what the infected servers were running?

http://tinypic.com/r/mvk9px/4

> Just found it!  It was a legit webpage too.

Another common tactic is to send an e-mail that causes an Outlook user
to preview an HTML page containing VBScript that calls the malware. I
just recently had a friend who got one of these and couldn't read her
e-mail for a few days.
