Last Updated: 2008-05-20 16:55:25 UTC
by Raul Siles (Version: 3)
- Your Web server contents (static contents and database), meaning the server has been compromissed and you need to clean it up and fix the vulnerability originally used by the attackers to insert the redirection tags.
- Your network traffic, meaning your clients are accessing compromissed Web servers and are being redirected to the malicious domains. These domains are typically trying to exploit client-based vulnerable software, so if your clients are not throughly updated, there is a higher chance that some of them have being compromised.
If you know about any other similar resource, or additional domains hosting (or that have hosted in the past) malicious code used in SQL injection attacks, please contact us.
UPDATE: We have been notified by one of our readers, thanks Steve, about some security filtering solutions, in this case based on ClamAV, blocking some of the aforementioned malicious domains.
Last Updated: 2008-05-20 16:38:26 UTC
by Raul Siles (Version: 2)
Sun has released Java 6 Update 6 including 13 bug fixes. At first glance going through the Release Notes, only one of them seems to be security related, but as always, it is recommended to update to the latest version (after appropriate testing).
You can check your current Java version here. Thanks Roseman for the heads up!
The update is still in the process of showing up through the standard Sun update mechanism. I have tested and run "C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe" and still says I have the latest Java version.
IMPORTANT: Remeber, as always, to manually uninstall any previous Java versions.
Last Updated: 2008-05-20 15:17:36 UTC
by Joel Esler (Version: 1)
Just a quick note to let everyone know that we put out Podcast Episode 4 this morning. Just a few announcements at the beginning, and then I put the audio for May's Monthly "Reboot Wednesday" Podcast that we do through SANS on after that. We'll be recording Episode five next week. We'll let you know when it's out!
iTunes users, go here to subscribe.
Non-iTunes users, go here to download.