SUMware
Premium
join:2002-05-21
1 edit | Trend Micro Hacked - Serving Malicious Iframes
From The Register
13th March 2008 - said by The Reg :
This week, researchers from the anti-virus provider uncovered at least two high-profile websites hacked so they try to infect visitors with some of the nastiest malware out there.
But as they were busy pointing out the attacks on web pages belonging to Swedish rock band The Hives and web blogs award site the Bloggies, nearly a dozen Trend Micro pages were busy trying to launch their own assaults, this Google search shows. The same malicious javascript at the heart of the Trend Micro attack had, at time of writing, managed to inject itself onto almost 23,000 pages in all.
"Unfortunately, safe surfing measures can be useless as even the most trusted Web sites can be hacked to serve up malware," Trend Micro's JM Hipolito wrote on Monday when analyzing the attack on the Bloggies. Evidently, he didn't know just how correct he was.
A Trend Micro spokesman said the malicious iframes have already been removed and that steps have been taken to prevent the injection from happening again. He didn't have additional details.
As we reported earlier today, the mass infection causes the once-benign sites to turn against their visitors by attempting to install password loggers, backdoors and other types of malware on their machines. The attacks appear to be the handiwork of a single criminal gang, according to McAfee researchers, who first discovered the cluster of hacked sites. They are part of a growing preference of miscreants to spread malware using legitimate websites that have been compromised rather than through destinations specifically set up for that purpose.
If even security providers like Trend Micro (and a few months back, Computer Associates) can't protect their visitors from these assaults, chances are good that plenty of others can't either.
|
|
Its a Secret
I don't leave home without it
Premium
join:2008-02-23
Don't ask | Time to lock 'em down hardcore, folks. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA | reply to SUMware
Pretty scary. How long until someone's online scanner, which usually require either ActiveX or Javascript, start infecting machines as people attempt to scan for malware? That's a nasty vector. |
|
EGeezer
Summertime -
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
| reply to SUMware
Good find -
Based on that incident, I'm glad I have NoScript enabled. This goes to demonstrate that "trusted sites" can still serve up malware.
It shoots down the often-repeated assumption that "careful browsing" is the silver bullet that eliminates the need for security tools.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
|
Bubba1
Less is More
Premium
join:2006-09-21
| said by EGeezer  :This goes to demonstrate that "trusted sites" can still serve up malware. Frustrating. I operate a locked-down IE7 .. greatly utilizing the trusted/NOT scheme.
Presently, should KIS7's web protection component fail to detect a trusted(s) compromise .. there is no second line.
--
"Fast is fine, but accuracy is everything" --Wyatt Earp |
|
IBK
join:2003-06-20
Austria | reply to SUMware
Web Attack on Trend Micro Fails to Infect Users:
»blog.trendmicro.com/web-attack-o···t-users/ |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Vonage
·Optimum Online
| reply to SUMware
Web Attack on Trend Micro Fails to Infect Users
March 14th, 2008 by Trend Micro
Earlier this week, we realized that part of our public online Virus Encyclopedia (VE) was altered via external hacking. The redirect placed on our site didn’t work properly so nobody visiting the hacked pages was at risk of infection. In response to this incident, we shut down the VE for several hours, patched the systems, removed the inserted code, and brought it back to life again. We have already taken interim measures to further harden the VE system against future attacks. This incident was part of a wider attack on Web sites around the world.
--
10,729 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
|
|
EGeezer
Summertime -
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| reply to Bubba1
The infection of legitimate and normally trusted websites also brings mitigation and recovery to the forefront. If one assumes that at some point they may be breached, then they can start putting together a response and recovery plan. One example is a mini-TTX where we "pretend" that our PC has been hacked, corrupted, logins stolen, ID and CC info captured etc. and our recent available backups may be suspect. From that point, practice or develop a response and document as needed.
Although this PPT relates to school and organizational training, many of the tips for planning and doing the exercise are applicable.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
|
webscanner
@web123.com
| reply to Bubba1
said by Bubba1 :Frustrating. I operate a locked-down IE7 .. greatly utilizing the trusted/NOT scheme. Presently, should KIS7's web protection component fail to detect a trusted(s) compromise .. there is no second line. Does the web scanner of *any* antivirus program really offer any needed protection?
If the antivirus program is going to catch the threat, would it not catch it just as well without the use of a web scanner?
I have often wondered if including a web scanner in an antivirus program was more marketing hype than truly being useful. Am I wrong? |
|
JTM1051
MVM
join:2000-07-08
Moorpark, CA
| reply to EGeezer
said by EGeezer :...Based on that incident, I'm glad I have NoScript enabled. This goes to demonstrate that "trusted sites" can still serve up malware. ... Ditto; using Fx with NoScript and all the "Additional restrictions for untrusted sites " (NoScript's Options > Plugins) enabled.
Since I only use IE for few sites that need/work best with IE, easy for me to lock down IE using customized settings for Trusted Sites, all other security zones set to max high settings.
Also using Online Armor's "Run Safer" setting for Fx, Opera and IE. |
|
