Single-line attack infects thousands of Web sites

Home / Hacking, News, Security / Single-line attack infects thousands of Web sites

June 6, 2007 PlanetCreator 0 Comments 0 tags

Thousands of Web sites have fallen victim to an attack using just one line of code that maliciously re-directs browsers via Javascript to servers that are hosting a variety of drive-by exploits. Multiple browsers and operating systems are affected by this code if not correctly patched.

Once installed, the new software can then be used to steal personal information or enlist a compromised machine in attacks on other machines. According to security vendor Websense, the attack now affects over 10,000 Web sites worldwide and that list continues to grow. According to Trend Micro, servers hosting some of the malicious code have been traced to Chicago, the San Francisco Bay Area, and Hong Kong.

The attack, dubbed Mpack, uses cross-site scripting to place malicious iFrames on legitimate Web sites. Iframes are used by Web designers to open additional windows (often hosted on other sites) within a main Web page; iframes can also be used by criminal hackers to redirect browsers to malicious-code sites. Trend Micro believes this latest attack was automated. Websense reports that the server where users are re-directed includes a counter that shows large numbers of visitors from Italy, Spain, and the United States.

Fortunately, there are a number of variables here. First, you must accidentally happen upon a vulnerable site, then your computer must have one of several browser vulnerabilities present for the attack to take root. According to Trend Micro, the component that serves up the browser vulnerabilities is browser aware, able to infect your specific browser of choice. Assuming it can, the attack then downloads various Trojans designed to steal personal information.

To prevent such an attack, Trend Micro urges everyone to be aware of sites requiring software installation; do not allow software installation unless you trust the site and the provider of the software. Keep your PC software fully patched and be sure your antivirus protection is updating properly. And, of course, be wary of any unexpected e-mail and e-mail attachments.

For more on this specific attack, antivirus vendor Panda has prepared a 28-page PDF that provides greater detail.

Explore More

10 steps you can take to improve your online security

1. Ensure that you login to an official site * Ensure that you login to an official site (eg. http://www.planetcreator.net) 2. Choose passwords that are hard to guess. Avoid using

Finding vulnerabilities in PHP scripts

Contents : * 1) About * 2) Some stuff * 3) Remote File Inclusion * 3.0 – Basic example * 3.1 – Simple example * 3.2 – How to fix

Is your IP Leaking? Find out here

The first link shows your IP.http://www.whatismyip.com/This site will show more information like your town…http://www.geobytes.com/IpLocator.htm?GetLocationIf you pass this test your Proxys / Programs are doing their job…https://grc.com/x/ne.dll?bh0bkyd2 Privacy Check – checks

[webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
on May 6, 2025 at 12:00 am
Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
[webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
on May 6, 2025 at 12:00 am
Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
[webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
on May 6, 2025 at 12:00 am
ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
[local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
on May 1, 2025 at 12:00 am
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
[local] Daikin Security Gateway 14 - Remote Password Reset
on May 1, 2025 at 12:00 am
Daikin Security Gateway 14 - Remote Password Reset