JavaScript Injection Attacks Hit .Gov Targets
Malware researchers have flagged a massive outbreak of JavaScript injection attacks that have compromised thousands of Web sites, including .gov sites in the United Kingdom. This alert from Websense Security Labs explains:

"When a user browses to a compromised site, the injected JavaScript loads a file named 1.js which is hosted on http://www.nihao[removed].com. The JavaScript code then redirects the user to 1.htm (also hosted on the same server). Once loaded, the file attempts 8 different exploits (the attack last April utilised 12). The exploits target Microsoft applications, specifically browsers not patched against the VML exploit MS07-004 as well as other applications. Ominously, files named McAfee.htm and Yahoo.php are also called by 1.htm but are no longer active at the time of writing."

Working with officials at two anti-malware labs, I was able to confirm at least 20,000 infected sites, including a civil service recruitment site belonging to the UK government, a United Nations events site and several high-traffic tourism portals.

Websense says the latest JavaScript injection compromises are closely linked to a recent SQL injection mass attack described in this SANS ISC bulletin.
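For site owners checking their own pages for the kind of injected script reference the alert describes, the following is an added example, not code from Websense or from this post. It lists every script loaded from a host the owner has not approved; the host names, the allowlist and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...> matches too.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, site_host, allowed_hosts=()):
    """Return (host, src) pairs for scripts served from hosts the owner did not approve."""
    allowed = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.sources:
        # urlsplit resolves absolute and protocol-relative (//host/x.js) URLs;
        # a relative path has no hostname and is served by the site itself.
        host = urlsplit(src).hostname
        if host and host.lower() not in allowed:
            findings.append((host.lower(), src))
    return findings


# Constructed sample: a page whose database-backed table cells had script tags appended.
SAMPLE_PAGE = """<html><head><title>Vacancies</title>
<script src="/js/menu.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
</head><body><table><tr>
<td>Clerk<SCRIPT SRC=http://injected.example/1.js></SCRIPT></td>
<td>Analyst<script src="//injected.example/1.js"></script></td>
</tr></table></body></html>"""

if __name__ == "__main__":
    hits = unexpected_script_hosts(SAMPLE_PAGE, "jobs.example.gov", ["cdn.example.org"])
    for host, src in hits:
        print(f"unexpected script host {host}: {src}")
```

Running it against rendered pages rather than templates matters here, because the linked SQL injection attacks place the script tag in database content, not in the files on disk.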

Comments (2)
Frankly, the blackhat's apparent easy ability to poison legitimate websites scares the pants off of me.
Something is seriously broken with the technology we call the "World wide Web", and I for one would like to see the headlong rush to new technology stopped (such as the move to streaming IPTV to iPhones) and all that energy redirected into making what exists secure-- from the switches and routers, to TCP/IP, to the servers, to the most fundamental code. (Let's not forget DNS..)
Where does the blame lie when a legit website gets hacked and poisoned? Unix? The server admins? The security program (such as antivirus) vendors?
Where does the responsibility for Integrity lie?
And when, since the Web is "world-wide", will there be an "Interpol for hackers" to counteract the cyber-criminals?
Of course, none of this will happen-- there's no profit in it. Cyber-crime profits everyone except the average surfer, and the website owner. When we're lucky, we get a "patch" (on top of patch on top of patch on top of...).
Posted by techpaul | April 24, 2008 10:02 PM