http://www.eweekeurope.co.uk/news/hackers-compromise-40-000-web-sites-1029

By Brian Prince
eWEEK Europe
6.2.2009

Security researchers at Websense say the tactics are reminiscent of the notorious RBN group

Researchers at Websense are reporting a mass compromise that may have affected as many as 40,000 Websites.

Although Websense would not name any of the compromised sites, researchers said the victims did not include any "big-name government or business sites."

The compromised sites are redirecting users to typo-squatted misspellings of legitimate Google Analytics domains. From there, users are redirected to the malicious Beladen.net site.

"The Google Analytics site serves as a statistics keeper, and the Beladen site is used to host the exploits," said Stephan Chenette, manager of security research for Websense Security Labs. "It analyses the end-user PC and attempts to exploit several different unpatched vulnerabilities … If none of the unpatched vulnerabilities exist, it delivers a popup claiming that the PC is infected in an attempt to trick the user into installing rogue anti-virus software."

According to Websense, the Beladen site is stacked with multiple types of malware—as many as 15 to 20 different exploits targeting various vulnerabilities. Just how the legitimate Websites are being compromised is unclear, though Websense researchers speculate that it is a SQL injection issue.

[...]

Received on Tue Jun 02 2009 - 00:25:56 PDT
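For site owners checking their own pages for the kind of injected reference the article describes, the following is an added example (not part of the original post or of Websense's analysis) that flags script and iframe hosts whose name is a near miss of google-analytics.com. The sample HTML, the look-alike hostnames and the distance threshold are constructed assumptions; the article does not list the actual domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_DOMAIN = "google-analytics.com"   # the legitimate analytics domain
MAX_DISTANCE = 2                        # assumed threshold for a "near miss"
# Constructed sample page; look-alike hosts are invented under the reserved .example TLD.
SAMPLE_HTML = """
<script src="http://www.google-analytics.com/ga.js"></script>
<script src="http://www.googel-analytics.example/ga.js"></script>
<script src="/js/site.js"></script>
<iframe src="http://google-analytlcs.example/frame.html"></iframe>
<script src="http://cdn.example.org/lib.js"></script>
"""

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class SrcCollector(HTMLParser):
    """Collects hostnames referenced by <script src> and <iframe src>."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:
                self.hosts.append(host.lower())

def find_lookalikes(html):
    """Return (host, distance) for look-alike hosts; naive last-two-labels split (no co.uk handling)."""
    collector = SrcCollector()
    collector.feed(html)
    legit_label = LEGIT_DOMAIN.split(".")[0]
    hits = []
    for host in collector.hosts:
        labels = host.split(".")
        if len(labels) < 2 or ".".join(labels[-2:]) == LEGIT_DOMAIN:
            continue  # bare hostname, or the real domain and its subdomains
        dist = edit_distance(labels[-2], legit_label)
        if dist <= MAX_DISTANCE:
            hits.append((host, dist))
    return hits
```

Calling find_lookalikes(SAMPLE_HTML) reports the two constructed look-alike hosts and ignores the genuine domain, relative paths and unrelated third-party hosts.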