News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Topic: Browsers under attack  (Read 35922 times)
« Reply #15 on: April 02, 2008, 17:44:13 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8237



FYI...

-Mebroot- Spreading through High-Traffic, Compromised Web Sites
- http://preview.tinyurl.com/yrxcym
April 2, 2008 (Symantec Security Response Weblog) - "Symantec is tracking more and more high-traffic Web sites that become compromised and then used to spread malicious code. After the breach our MSS team spotted out on Tata*, we have been notified of another Web site with a similar issue. Today the Italian Web site www .emule-italia .it had been compromised and was hosting an obfuscated script... The script, when deobfuscated, was showing an -iframe- pointing to http ://[REMOVED]xes.com/ld/grb, which was redirecting users to a server (http ://[REMOVED]fir.com/cgi-bin/mail.cgi?p=grobin) hosting the Neosploit tool. Neosploit is forcing vulnerable PCs to download and install the latest version of the infamous Trojan.Mebroot. Symantec notified the ISP involved about this issue and the ISP has since worked to remove the malicious content from the affected Web site. High-traffic Web sites are becoming more and more targeted, because the huge number of visits they receive turns into a huge number of machines getting compromised in a short period of time. Therefore, application security is even more important for these sites:
- periodic penetration testing,
- code review, and
- sound application security practices
...in the overall development lifecycle can protect site owners [and visitors, too!] from these kind of threats."
* http://preview.tinyurl.com/yqhseh
(Symantec Security Response Weblog - February 28, 2008)


This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
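A site owner's check for the kind of injected iframe and obfuscated script described in the post above, as an added example that is not part of the original post or of the Symantec write-up. It flags off-site iframes (marking hidden ones) and inline scripts carrying common obfuscation markers; the host names, the sample page and the heuristics are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic obfuscation markers (an assumption of this example, not a complete list).
OBFUSCATION_HINTS = re.compile(r"\b(eval|unescape|String\.fromCharCode)\s*\(", re.I)
ENCODED_RUN = re.compile(r"(?:%[0-9a-f]{2}){8,}", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _is_tiny(value):
    """True when a width/height attribute is 0 or 1 (pixels or percent)."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1


class InjectionScanner(HTMLParser):
    """Collects (line, kind, detail) findings for one HTML document."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__(convert_charrefs=True)
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []
        self._in_script = False
        self._script_buf = []
        self._script_line = 0

    def _offsite(self, url):
        host = (urlparse(url).hostname or "").lower()
        # Relative URLs have no host and are treated as same-site.
        return bool(host) and not any(
            host == t or host.endswith("." + t) for t in self.trusted)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "iframe" and self._offsite(a.get("src", "")):
            hidden = (_is_tiny(a.get("width")) or _is_tiny(a.get("height"))
                      or HIDDEN_STYLE.search(a.get("style", "")))
            kind = "hidden-offsite-iframe" if hidden else "offsite-iframe"
            self.findings.append((line, kind, a["src"]))
        elif tag == "script":
            src = a.get("src", "")
            if src and self._offsite(src):
                self.findings.append((line, "offsite-script", src))
            # Only inline scripts have a body worth inspecting.
            self._in_script, self._script_buf, self._script_line = not src, [], line

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._script_buf)
            hints = sorted({m.group(1) for m in OBFUSCATION_HINTS.finditer(body)})
            # Require a decoder call plus a write-out or a long encoded string.
            if hints and ("document.write" in body or ENCODED_RUN.search(body)):
                self.findings.append(
                    (self._script_line, "obfuscated-inline-script", ",".join(hints)))
            self._in_script = False


def scan_html(html, site_host, allowed_hosts=()):
    scanner = InjectionScanner(site_host, allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; the encoded string decodes to the text "<iframe src=".
SAMPLE_PAGE = """<html><body>
<h1>Downloads</h1>
<script src="/js/site.js"></script>
<iframe src="https://video.partner.example/embed/1" width="640" height="360"></iframe>
<iframe src="http://injected.invalid/a/b" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write(unescape("%3C%69%66%72%61%6D%65%20%73%72%63%3D"));</script>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE, "example.org", ["video.partner.example"]):
        print(finding)
```

Findings are leads for manual review rather than verdicts; running the scan against the pages as served, not only the files on disk, also covers content injected through the database.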
« Reply #16 on: April 04, 2008, 08:23:29 »
AplusWebMaster Offline

FYI...

nmidahena
- http://isc.sans.org/diary.html?storyid=4240
Last Updated: 2008-04-04 16:06:43 UTC - "In case you haven't done so yet, consider blocking nmidahena-dot-com on your proxy. And don't go there to find out if it is bad. It is. Several high profile sites have apparently been hit with what is a continuation of the "iframe injection" that we've covered repeatedly*."
* http://isc.sans.org/diary.html?storyid=4210
Update on IFRAME SEO Poisoning

« Reply #17 on: April 08, 2008, 06:26:11 »
AplusWebMaster Offline

FYI...

- http://www.symantec.com/about/news/release/article.jsp?prid=20080407_01
April 8, 2008 – "...Today, hackers are compromising legitimate Web sites and using them as a distribution medium to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites. Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks. During the last six months of 2007, there were 11,253 site specific cross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual Web sites. However, only 473 (about 4 percent) of them had been patched by the administrator of the affected Web site during the same period, representing an enormous window of opportunity for hackers looking to launch attacks... “Avoiding the dark alleys of the Internet was sufficient advice in years past”... “Today's criminal is focused on compromising legitimate Web sites to launch attacks on end-users, which underscores the importance of maintaining a strong security posture no matter where you go and what you do on the Internet”..."

« Reply #18 on: April 10, 2008, 05:36:29 »
AplusWebMaster Offline

FYI...

- http://preview.tinyurl.com/45hmwg
April 10, 2008 (Symantec Security Response Weblog) - "...Since the Web browser is the primary gateway to the Internet for most users, Web pages that they visit frequently... are a useful means of compromising computers for attackers... Because of the success of kits like MPack and Ice-Pack, it seems that malicious code authors have begun to incorporate similar features in the threats they create... two of the top ten -new- malicious code families modified Web pages. There are two ways in which these samples modify Web pages. The first is that the malicious code adds its own code to a Web page so that other people who view the page may become infected. The second way is that an iframe tag is added to the Web page that redirects users to another Web site. Usually this Web site tries to exploit Web browser and plug-in vulnerabilities in a shotgun-style attack*. This type of attack is similar to the one employed by MPack... As more threats use the Web—in particular, browsers and their plug-ins—to install themselves on computers, users need to be careful even when visiting sites they know and trust. Make sure your Web browser is kept up to date with the latest security patches. Just as important is to make sure that any browser plug-ins you have installed are also fully patched. And, as always, make sure you have antivirus software running with the most recent definitions, as well as a good intrusion prevention system.
*A shotgun attack is one where a malicious Web page attempts to exploit multiple vulnerabilities at once in order to increase the chances of a user being compromised."

« Reply #19 on: April 10, 2008, 10:15:11 »
AplusWebMaster Offline

FYI... 4.10.2008

- http://www.symantec.com/security_response/threatconlearn.jsp
"The ThreatCon is currently at Level 2: Elevated.
The ThreatCon is currently at level 2. On April 8, 2008, Adobe released a security bulletin for Flash Player that includes a vulnerability that remote attackers can leverage to execute arbitrary code. Attackers could create a malicious Flash object embedded in a web page or email to gain access to a vulnerable system. Adobe has reported that Flash Player 9.0.115.0 (and earlier) and 8.0.39.0 (and earlier) are affected. Patches are available. The vulnerabilities have not been seen in the wild. Adobe considers this a 'critical' update and recommends that customers upgrade to Flash Player 9.0.124.0 to fix the issue. Adobe's security bulletin: ( http://www.adobe.com/support/security/bulletins/apsb08-11.html )
Bugtraq entry: ( http://www.securityfocus.com/bid/28694/references )"

« Reply #20 on: April 22, 2008, 07:17:39 »
AplusWebMaster Offline

FYI...

One new infected webpage found every 5 seconds - Sophos
- http://www.sophos.com/pressoffice/news/articles/2008/04/secrep08q1.html
21 April 2008
- Top ten countries hosting web-based malware...
- Hacked sites pose greatest risk to IT security...
(...Top 10 malware found on the web Q1-2008, 29% is iframe related...)

- http://wiki.castlecops.com/IFRAME_2008

« Last Edit: April 22, 2008, 07:32:59 by AplusWebMaster »
« Reply #21 on: April 23, 2008, 10:48:57 »
AplusWebMaster Offline

FYI...

- http://preview.tinyurl.com/64qbkd
April 23, 2008 (Infoworld) - "...Web sites are rife with security problems: In 2006, the Web Application Security Consortium surveyed 31,373 sites and found that 85.57 percent were vulnerable to cross-site scripting attacks, 26.38 were vulnerable to SQL injection and 15.70 percent had faults that could let an attacker steal information from databases...
   Vendors have typically only tested their software patches on machines in default configurations, which isn't representative of the real IT world, Paller said. Many businesses use custom applications with custom configurations, which require rigorous testing to ensure a patch won't break their applications. The U.S. Air Force was one of the first organizations that tried a new approach when contracting IT systems with Microsoft and other application vendors about two years ago to enable speedier patching, Paller said.
   The Air Force's CIO at the time, John M. Gilligan, consolidated 38 different IT contracts into one and ordered all new systems to be delivered in the same, secure configuration. Then, he ordered that application vendors certify that their applications would work on the secure configurations, Paller said. Then Gilligan took his case to Microsoft. At the time, it took the Air Force about 57 days between the time a patch was released until their 450,000 systems were up-to-date. Gilligan wanted Microsoft to test its patches on machines with the same configuration as the Air Force's, shifting the cumbersome testing process back to the vendor. The negotiations, which didn't start off well, culminated with a meeting with CEO Steve Ballmer. "The story is that he [Gilligan] used a four-letter word in the meeting," Paller said. "You know what the four-letter word was? Unix."
   Gilligan won. Now, the Air Force can patch in about 72 hours now, and they're looking to cut that to 24 hours, Paller said. The idea was so successful that as of Feb. 1, the U.S. government implemented the same conditions for all of its agencies..."

« Reply #22 on: June 01, 2008, 12:57:20 »
AplusWebMaster Offline

FYI...

Cross-site scripting also used in Mass Compromises
- http://blog.trendmicro.com/xss-methods-also-seen-being-used-in-mass-compromises/
May 31, 2008 - "We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the sites involved some cross-site scripting (XSS*), or SQL injection vulnerabilities, or a combination of both... XSS vulnerabilities can cause a variety of problems for the casual web surfer. These problems range in severity from mere annoyance to complete credential compromise. Some XSS attacks incorporate disclosure of the user’s session cookies, allowing an attack perpetrator to have complete control over the victim’s session and to (in effect) take over the account & hijack the HTTP session.
XSS attacks may also include redirecting the user to some other page or website, and modifying the content of a HTTP session. Other damaging risks include the exposure of the victim’s files, and subsequently the installation of Trojans and other damaging malware — and to what purpose? One can only guess because once the compromise is successful, the criminal’s next actions are open to unlimited possibility.
An XSS attacker utilizes varying methods to encode the malicious script in order to be less conspicuous to users and administrators alike. There are an unaccounted number of variations for these types of attacks, and XSS attacks can come in the form of embedded JavaScript — one of the more common implementations. But be forewarned — any embedded active content is also a potential source of danger, including: ActiveX (OLE), VBscript, Flash, and more... Mass compromises seem to be all the rage these days, and exploiting XSS vulnerabilities are just one of the methods criminals can employ to silently worm their way into users’ PCs..."
* http://en.wikipedia.org/wiki/Cross-site_scripting#Exploit_scenarios

« Reply #23 on: June 09, 2008, 12:37:45 »
AplusWebMaster Offline

FYI...

Malware redirects...
- http://sunbeltblog.blogspot.com/2008/06/malware-distributors-move-to-dogpile.html
June 08, 2008 - "First Google, then DoubleClick* redirects, now Dogpile is a new favorite for XSS redirects by malware authors..."
* http://sunbeltblog.blogspot.com/2008/06/google-fixes-redirects-now-it.html
June 02, 2008 - "On May 25th, we noticed that spammers and malware distributors had moved from using Google redirects, to Doubleclick redirects. If you’re tracking this stuff, you’re undoubtedly seeing extensive use of these redirects..."

(Screenshots available at both URLs above.)

« Reply #24 on: June 16, 2008, 05:07:01 »
AplusWebMaster Offline

FYI...

Malicious doorways redirecting to malware
- http://ddanchev.blogspot.com/2008/06/malicious-doorways-redirecting-to.html
June 16, 2008 - "...bottom line - malicious doorways are slowly starting to emerge thanks to the convergence of traffic redirection and management tools with web malware exploitation kits, and just like we've been seeing the adaptation of spamming tools and approaches for phishing purposes, next we're going to see the development of infrastructure management kits, a feature that DIY phishing kits* are starting to take into consideration as well."
* http://ddanchev.blogspot.com/2008/05/diy-phishing-kits-introducing-new.html

Warning: We strongly suggest that readers NOT visit websites mentioned as being behind the attacks discussed. They should be considered dangerous and capable of infecting your system.

« Reply #25 on: July 01, 2008, 18:16:37 »
AplusWebMaster Offline

FYI...

40% of Web users surf with Unsafe Browsers
- http://preview.tinyurl.com/4nhr4n
July 1, 2008 (blog.washingtonpost.com/securityfix) - "A comprehensive new study of online surfing habits released today found that only 60 percent of the planet's Internet users surf the Web with the latest, most-secure versions of their preferred Web browsers. The study, conducted by researchers from Google, IBM and the Communication Systems Group in Switzerland, relied on data from server logs provided by Google for search requests between Jan. 2007 and June 2008. The researchers found that of the 1.4 billion Internet users worldwide at the end of March 2008, 576 million surfed with outdated versions of Web browsers..."

« Reply #26 on: March 25, 2009, 08:35:16 »
AplusWebMaster Offline

FYI...

- https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/istr/article-id/13
03-24-2009 - "... simply visiting your favorite website can either lead to malware silently being installed on your computer without ever clicking on anything, or being plagued by misleading applications, such as fake antivirus software, seems to be a surprise to many users and IT managers alike... Our recently published Web-based attacks white paper* highlights some of the top Web threat trends that our security analysts observed during 2008... When your system is compromised, there is usually no indication—it happens silently without flashing lights or having to click on anything. All it takes is one vulnerable browser, multimedia application, document viewer, or browser plug-in and your computer can be compromised. I spoke with one user who couldn’t believe that one of the top 100 sites on the Internet would be attacking his computer. There was another customer whose own Web server kept attacking and infecting his computer... Web-based attacks are occurring everywhere and users’ computers are being attacked and infected in enterprise and consumer environments alike..."

* http://www.symantec.com/business/theme.jsp?themeid=threatreport
Web Based Attacks: February, 2009 - "...
Top Web Threat Trends for 2008
1. Drive-by downloads from mainstream Web sites are increasing
2. Attacks are heavily obfuscated and dynamically changing making traditional antivirus solutions ineffective
3. Attacks are targeting browser plug-ins instead of only the browser itself
4. Misleading applications infecting users are increasing
5. SQL injection attacks are being used to infect mainstream Web sites
6. Malvertisements are redirecting users to malicious Web sites
7. Explosive growth in unique and targeted malware samples ..."

« Reply #27 on: March 25, 2009, 14:50:47 »
AplusWebMaster Offline

FYI...

TinyURL abuse... E-cards lead to malware...
- http://blog.trendmicro.com/e-cards-used-to-advertise-adult-dating-site/
Mar. 24, 2009 - "The misuse of legitimate services continues as after recent reports of cybercriminals exploiting the redirecting service TinyURL to slip past spam filters, legitimate e-card services are now being used. We have received email samples that arrive as ecards... The greeting cards were from Regards.com, the web’s largest collection of free greeting cards. The email claims to be sent by a user under an alias..."
(Screenshot available at the URL above.)
________________________________________

See: http://tinyurl.com/preview.php?disable=0
"Don't want to be instantly redirected to a TinyURL and instead want to see where it's going before going to the site? Not a problem with our preview feature."

« Reply #28 on: June 10, 2009, 17:35:44 »
AplusWebMaster Offline

FYI...

- http://www.trustedsource.org/blog/248/New-McAfee-Whitepaper-on-Browser-Attacks
June 4th, 2009 - "... this paper* deals with the many complexities of browser security and attacks. From the paper:
Web Browsers: An Emerging Platform Under Attack
'The widespread use of highly interactive “rich client” web applications for e-commerce, business networking, and online collaboration has finally catapulted web browsers from straightforward HTML viewers to a full-blown software platform. And as corporate users are performing a significant portion of their work on the web, whether it’s researching or collaborating, the safety of the underlying platform is critical to the company’s success.' Other areas the paper covers include:
• The shift in spam to mainly malicious web link usage
• “Web 2.0” sites—whether weblogs, social networking or portal sites—are increasingly spammed with links to malicious sites
• Legitimate sites are compromised and misused to either host malicious code or link to a malicious website
• Use of malicious video banners placed in advertisement networks
• Use of popular search terms to advertise and drive (search query) traffic to a malicious website. In a recent case in Germany, attackers used Google AdWords to attract users who searched for “flash player” to the attacker’s fake Adobe-look-alike site ..."
* http://www.mcafee.com/us/local_content/white_papers/wp_webw_browsers_w_en.pdf

« Reply #29 on: July 21, 2009, 10:02:53 »
AplusWebMaster Offline

FYI...

More 0-Day exploits for browsers...
- http://blog.trendmicro.com/more-zero-day-exploits-for-firefox-and-ie-flaws/
July 21, 2009 - "Earlier today... spotted several malicious script files that exploited Mozilla Firefox and Microsoft Internet Explorer vulnerabilities:
• JS_DIREKTSHO.B exploits a vulnerability in Microsoft Video Streaming ActiveX control to download other possibly malicious files.
• JS_FOXFIR.A accesses a website to download JS_SHELLCODE.BV. In turn JS_SHELLCODE.BV exploits a vulnerability in Firefox 3.5 to download WORM_KILLAV.AKN.
• JS_SHELLCODE.BU exploits a vulnerability in Microsoft OWC to download JS_SHELLCODE.BV.
Initial analysis... shows that the scripts above may be unknowingly downloaded through either Firefox -or- Internet Explorer.
According to Mozilla, a Firefox user reported suffering from a crash that developers determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, the just-in-time (JIT) compiler could get into a corrupt state. This could then be exploited by an attacker to run arbitrary code. However, this vulnerability does not affect earlier versions of Firefox, which do not support the JIT feature. Firefox 3.5 users can avoid this vulnerability by disabling the JIT compiler as described in the Mozilla Security Blog*. This workaround is, however, unnecessary for Firefox 3.5.1 users.
* http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
> On the other hand, the vulnerability in Microsoft Video ActiveX Control allows remote code execution if a user views a specially crafted web page with Internet Explorer, executing the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
> Microsoft is aware of attacks attempting to exploit the said vulnerabilities and advises its customers to prevent the OWC from running either manually or automatically using the solution found in Microsoft Knowledge Base Article 973472*.
* http://support.microsoft.com/kb/973472#FixItForMe
Trend Micro advises users to refer to the following pages to download updates/patches for the vulnerabilities the aforementioned script files exploit:
• Firefox: Mozilla Foundation Security Advisory 2009-41
http://www.mozilla.org/security/announce/2009/mfsa2009-41.html
• OWC: Microsoft Security Advisory (973472)
http://www.microsoft.com/technet/security/advisory/973472.mspx
• DirectShow: Microsoft Security Bulletin MS09-032
http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx ..."
