Massive rootkit campaign spreads via SQL injection on legitimate websites
Thursday, December 10, 2009
A fast-moving malware campaign has infected almost 300,000 web pages, according to UK-based IT security site The Register. Anti-virus software has a mixed record of detecting the rootkit-enabled Trojan, with 22 out of 40 products tested by Virus Total able to stop the malware.
Online security firm ScanSafe says that the attacks started last month, and work by using SQL injection to plant a malicious, invisible iframe on a targeted website, which redirects users to a malware-serving domain.
Once at the malicious domain, the site checks for "at least five" separate application vulnerabilities while attempting to install the Backdoor.Win3.Buzus.croo malware on targeted machines, according to The Register. While fully patched versions of Windows, Internet Explorer, and Adobe Flash should be immune to the malware, experts urge users to take no chances by visiting infected sites.
Dark Reading reports that the websites infected with by this campaign vary widely in location and content, ranging from the City of Iowa City's municipal website to overseas news organizations and an English-language rental site for Paris apartments.
Related News:
Scareware stands as biggest threat to web security in 2010 - 3.10.2010
McAfee recently announced the development of Consumer Threat Alert, a program that users can sign up for to be alerted of threats spreading throughout the web. The first such threat that McAfee plans to address is scareware.
Mariposa botnet found on new Vodafone smartphone - 3.10.2010
A newly purchased HTC Magic, distributed by Vodafone, was found to have the Mariposa botnet strain on it. The discovery was made by a worker at Panda Security, who plugged her phone into her computer, where her antivirus software reported the presence of the malicious software, the company said.
Twitter gets proactive with users web security - 3.10.2010
Twitter, the popular social networking site, recently reported that it has implemented a plan to scan all links posted on the website as they are submitted by users. The measure is directly aimed at eliminating the threat of phishing attacks on its members.
WhitePages squashes ad networks after finding malware - 3.10.2010
A representative from the Senate Committee on Environment and Public Works told CNet on Tuesday that WhitePages.com is under investigation after a malware strain found on its computer was traced by government IT personnel back to the popular directory website.
IE8 best in web security - 3.9.2010
Microsoft's latest Internet Explorer update, IE8 provides users with the best overall malware protection, according to the a recently released study from NSS Labs.
|
