Mass Infection of IIS/ASP Sites
Sucuri.net has released a report about a large number of sites that have been hacked and contain a malware script. A quick Google today indicates that
there are currently 111,000 sites still infected. It appears that this is only impacting websites hosted on Windows servers. The situation is being investigated.
For those who are hosting their websites on Windows IIS/ASP, you may find more information here:
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html
http://nsmjunkie.blogspot.com/2010/06/anatomy-of-latest-mass-iisasp-infection.html - link removed...it triggers some Anti-virus.
Update: Paul at Sophos logs has released some additional information regarding this exploit and infection. Thanks Paul.
http://www.sophos.com/blogs/sophoslabs/?p=9941
Deb Hale Long Lines, LLC
Adobe POC in the Wild
On June 5th Handler Guy posted a diary about a Security Advisory for Adobe products. http://isc.sans.edu/diary.html?date=2010-06-05
We have received notification that a proof of concept (POC) has been found in malware taken from the wild and is currently being exploited.
For those that are Adobe users please patch before it is too late.
Thanks to our readers who brought this to our attention.
Update: For more information see US-CERT Technical Cyber Security Alert TA10-159A. http://www.us-cert.gov/cas/techalerts/TA10-159A.html
Thanks to those of you who have pointed out that I made a mistake in the Diary. It appears that there is not a patch available; rather, there are currently
just mitigation steps. It looks like the patch will be released for Flash Player soon and for Reader and Acrobat later in the month.
Deb Hale Long Lines, LLC
It appears that the Security Update has been released by Adobe. Thanks to Juha-Matti for providing this information.
http://www.adobe.com/support/security/bulletins/apsb10-14.html
Best Practice to Prevent PDF Attacks
I subscribe to Search Security at Tech Target and receive newsletters from them on a regular basis. It just so happens the one that I received
today had an article about how enterprises can prevent an attack due to PDF hacks. I just read through the article and found it a very good refresher
on best practices for protecting against any malware spread by using any number of compromised attachments.
It is human nature, I guess, that we open attachments from folks we know and unfortunately even some we don't know. Oftentimes these attachments
contain more than we bargained for. Because Adobe is on every computer in the world (ok - maybe an exaggeration) it is a really big target. And
because it is a really big target there are a number of vulnerabilities associated with one component or another. The article from Tech Target states:
"According to McAfee Inc. Avert Labs, as of Q1 2010, malicious malformed
PDF files are now involved with 28% of all malware directly connected to exploits."
Considering the number of different possible attack vectors this 28% is huge. The article goes through some very common sense tips for protecting
your organization. This article, though focusing on misused PDFs, can be used to protect against other potential attack vectors.
Some may say this is old news and common sense and I won't disagree. But sometimes the old makes things new again.
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1513908,00.html?track=NL-422&ad=769731&asrc=EM_NLT_11739094&uid=6115703
Deb Hale Long Lines, LLC