All the latest UK technology news, reviews and analysis
|
|
|
17 Mar 2008
Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack.
Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages.
Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack.
Rather than attempt to exploit browser vulnerabilities, the attack attempts to trick a user into manually launching its malicious payload.
"This contrasts [Thursday’s] attack in that the vast majority of those were active server pages (.ASP)," explained McAfee researcher Craig Schmugar on a company blog posting.
"The ASP attacks are different than the phpBB ones in that the payload and method are quite different. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering."
The infected pages bring up what appears to be a pornographic web site. Upon loading the page, a 'fake codec' social engineering attack is attempted. The user is told that in order to view the movie on the page, a special video codec must be installed.
The user then downloads a trojan program which installs a malware package on the users system then delivers a fraudulent error message telling the user that the supposed codec could not be installed.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
My client is a well established, non profit organisation;...
PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...
HEAD OF DIGITAL - London - £80-95K + Excellent Bens...
Agile C# Developer - (North London) £55,000 - £65,000...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Microsoft, where are you?
I simply can not understand why a company with the resources the Microsoft has, hasn't offered the public a fast and aggresive Spyware/Malware/Phishing/ETC. program that is compatible with windows. DEFENDER is a joke with ratings of 60% effectivenss. I am aggrieved that the largest Program writer in the world, with the most resources in the world can't even right a program and sell it for the Public's Sake, to protect the very resources the consumer has elected to place it's trust.
Posted by: Eric Wesson 26 Mar 2008
So whats new?
So whats new? This has been around for a couple of years at least
Posted by: Acathater 17 Mar 2008
Whats a web page?
Whats a web page?
Posted by: Nigel Bell - Donegal 17 Mar 2008