Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
February 09, 2012, 08:39:59 PM

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: News Story on Hacked Sites (iFrame exploit)  (Read 2872 times)
bryantrv
Guest
« on: August 25, 2009, 06:28:14 AM »
FWIW- http://blogs.zdnet.com/security/?p=4091&tag=nl.e539  over 55,000 websites hacked.
« Last Edit: August 25, 2009, 06:40:45 AM by Mitch » Logged
Mitch
Berserker Poster
*****
Offline Offline

Posts: 12838


WWW
« Reply #1 on: August 25, 2009, 06:39:16 AM »
bryantrv, sorry to topic-hijack, but thought this would make for a better new topic, than a reply.  Via the story in question...

Quote
Security researchers are raising an alarm for a potent malware cocktail — backdoor Trojans and password stealers — being pushed to Windows users from about 55,000 hacked Web sites.

According to Mary Landesman, a researcher in ScanSafe’s security threat alert team, the cybercriminals have embedded a malicious iFrame into tens of thousands of Websites to fire exploits at unsuspecting PC users who surf to one of the rigged sites.

Very scary stuff indeed.  She ran a Google search of the iFrame script tag and found it embedded on about 54,900 sites, many  of them legitimate online destinations.
Logged
New to Web Site Hosting? Check Out the Lunarpages Blog Hosting Guide!

Follow us @lunarpages on Twitter!
Important Threads: Read This Before Posting! | Lunarforums Rules! | Mitch's Link of the Day!
Also, be sure to check out and subscribe to the Lunartics Blog and the Lunarpages Newsletter !

Need Web Hosting Help? Check out the Lunarpages Web Hosting Wiki. It has tons of tips, tutorials and resources!
Mitch
Berserker Poster
*****
Offline Offline

Posts: 12838


WWW
« Reply #2 on: August 25, 2009, 06:48:16 AM »
Here is another good link for information too - http://blog.scansafe.com/journal/2009/8/21/up-to-55k-compromised-by-potent-backdoordata-theft-cocktail.html
Logged
New to Web Site Hosting? Check Out the Lunarpages Blog Hosting Guide!

Follow us @lunarpages on Twitter!
Important Threads: Read This Before Posting! | Lunarforums Rules! | Mitch's Link of the Day!
Also, be sure to check out and subscribe to the Lunartics Blog and the Lunarpages Newsletter !

Need Web Hosting Help? Check out the Lunarpages Web Hosting Wiki. It has tons of tips, tutorials and resources!
MNM
Galactic Royalty
*****
Offline Offline

Posts: 258


Hosted on server: TYR


WWW
« Reply #3 on: August 25, 2009, 09:58:37 AM »
So let me be the first one to ask the million dollar question!

Can Lunar not set up a way to scan for this and get rid of it on their servers? Much the same way they scan for, and disable, outdated scripts.

I would imagine that the code looks similar on all the sites.

Its great to know about it but it would be better to have a fix in place.

If not is there a script somewhere that can be downloaded that would check for this exploit?

Just an idea
Logged
MardianNaturalMedicine

MapleDomains
Mitch
Berserker Poster
*****
Offline Offline

Posts: 12838


WWW
« Reply #4 on: August 25, 2009, 10:19:13 AM »
It might be possible, however I'm not a server admin, so don't want to speak for them. That would be if there were any reported infections of this iFrame exploit on Lunarpages yet.  Thus far I haven't heard of any - just wanted to mainly make sure everybody is aware of the issue though so users can protect themselves.

From the article...

Quote
The most common programs under attack include Adobe Flash, Adobe PDF Reader, Apple’s QuickTime, WinZip and RealPlayer.  In addition to Microsoft Windows patches, these desktop applications should be updated to the newest version immediately.

 Thumbs Up
Logged
New to Web Site Hosting? Check Out the Lunarpages Blog Hosting Guide!

Follow us @lunarpages on Twitter!
Important Threads: Read This Before Posting! | Lunarforums Rules! | Mitch's Link of the Day!
Also, be sure to check out and subscribe to the Lunartics Blog and the Lunarpages Newsletter !

Need Web Hosting Help? Check out the Lunarpages Web Hosting Wiki. It has tons of tips, tutorials and resources!
WeWatch
Newbie
*
Offline Offline

Posts: 1


WWW
« Reply #5 on: August 25, 2009, 01:55:32 PM »
It appears from reviewing thousands of these sites, that most of them are using .asp or .aspx pages which are generally dynamically generated.

This leads us to believe that this is probably a SQL injection attack as the dynamically generated pages probably derive their content, or a portion of it, from a back-end database.

Some of the iframes injected are right in the middle of legitimate lines of html code furthering our theory of the SQL injection.

That’s just our opinion, we could be wrong
Logged
"We Watch Your Website - so you don't have to!"
http://www.wewatchyourwebsite.com
Inge Jones
Intergalactic Superstar
*****
Offline Offline

Posts: 139
« Reply #6 on: October 05, 2009, 02:53:03 AM »
Quote from: Mitch on August 25, 2009, 10:19:13 AM
It might be possible, however I'm not a server admin, so don't want to speak for them. That would be if there were any reported infections of this iFrame exploit on Lunarpages yet.  Thus far I haven't heard of any...

It happened to my site, and at least one other person who has posted here about it in the past few weeks.

For example, here http://www.lunarforums.com/lunarpages_security_center/my_website_was_hacked_too-t53605.0.html
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: