AOH :: ISNQ5047.HTM

Hackers Compromise 40,000 Web Sites

Hackers Compromise 40,000 Web Sites
Hackers Compromise 40,000 Web Sites


  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1338881331-1243927338=:969
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.eweekeurope.co.uk/news/hackers-compromise-40-000-web-sites-1029 

By Brian Prince
eWEEK Europe
6.2.2009

Security researchers at Websense say the tactics are reminiscent of the 
notorious RBN group

Researchers at Websense are reporting a mass compromise that may have 
affected as many as 40,000 Websites.

Although Websense would not name any of the compromised sites, 
researchers said the victims did not include any "big-name government or 
business sites." The compromised sites are redirecting users to 
typo-squatted misspellings of legitimate Google Analytics domains. From 
there, users are redirected to the malicious Beladen.net site.

"The Google Analytics site serves as a statistics keeper, and the 
Beladen site is used to host the exploits," said Stephan Chenette, 
manager of security research for Websense Security Labs. "It analyses 
the end-user PC and attempts to exploit several different unpatched 
vulnerabilities =E2=80=A6 If none of the unpatched vulnerabilities exist, it 
delivers a popup claiming that the PC is infected in an attempt to trick 
the user into installing rogue anti-virus software."

According to Websense, the Beladen site is stacked with multiple types 
of malware=E2=80=94as many as 15 to 20 different exploits targeting various 
vulnerabilities.

Just how the legitimate Websites are being compromised is unclear, 
though Websense researchers speculate that it is a SQL injection issue.

[...]


--1457021584-1338881331-1243927338=:969
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_____________________________________________
Visit the InfoSec News security bookstore!
http://www.shopinfosecnews.org 

--1457021584-1338881331-1243927338=:969--

Site design & layout copyright © 1986- CodeGods