siljaline
mind that delimiter
Premium
join:2002-10-12
Montreal, QC | reply to Stem Bolt
Re: Torrentreactor breach serves potent exploit
TorrentReactor Users Suffer Rootkit Attack
»torrentfreak.com/torrentreactor-···-090702/ |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
 ·AT&T U-Verse
| reply to Stem Bolt
Well there goes another of my bookmarked torrent sites. I haven't visited them in more than a year because I thought the new site style was pretty crappy, and seemed to allow a lot of junk (which likely included fakes) in the categories.
But I suppose like other iframe injections, if you're using Firefox and NoScript, nothing is going to happen anyway unless you do something dangerous like allow all scripts.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
|
|
siljaline
mind that delimiter
Premium
join:2002-10-12
Montreal, QC | reply to Stem Bolt
Let's just chalk it up to a Canada Day, silly moment. |
|
mysec
Premium
join:2005-11-29
2 edits | reply to Stem Bolt
Note that this exploit is following the trend of packaging both browser and plugin exploits, hoping to catch something unpatched.
The browser exploit is for IE6 (MDAC, MS06-014) and Microsoft Office Snapshot Viewer which works on IE6 and I think IE7.
Both of these have been long since patched.
The plugin exploits are for Adobe Acrobat Reader and Adobe Shockwave, and of course, will work in any browser.
These require a vulnerable verision of the application and plugins enabled.
Pretty typical stuff these days.
Hopefully everyone is aware of how to protect against this, but I still mention it to people just to be sure.
----
rich |
|
Stem Bolt
Premium
join:2002-11-08
Cleveland, OH
| reply to siljaline
said by siljaline  :That is the actually article is more to-the-point in the URL I posted. Sorry if you are/were offended, none intended  I'm not offended. Both articles say the same thing. What did you find "more to the point" in the article you posted? Just curious.
--
Dr. Web 5.0 + ThreatFire + Router/SPI |
|
sgsfgssss
@elisa-laajakaista.fi | reply to Stem Bolt
Site seems ok, I cannot see nothing bad there. |
|
siljaline
mind that delimiter
Premium
join:2002-10-12
Montreal, QC
1 edit | reply to Stem Bolt
That is the actually article is more to-the-point in the URL I posted. Sorry if you are/were offended, none intended |
|
Stem Bolt
Premium
join:2002-11-08
Cleveland, OH
| reply to siljaline
Yeah, what's your point?
--
Dr. Web 5.0 + ThreatFire + Router/SPI |
|
siljaline
mind that delimiter
Premium
join:2002-10-12
Montreal, QC
 ·Bell Sympatico
| reply to Stem Bolt
Basically the same here Stem Bolt 
»securitylabs.websense.com/conten···430.aspx |
|
Stem Bolt
Premium
join:2002-11-08
Cleveland, OH
| »www.theregister.co.uk/2009/07/01···_breach/
quote:
Torrentreactor has long been regarded as one of the top bit torrent search engines, and with the demise of The Pirate Bay, it's likely bigger than ever. Now, it's been breached and is serving a potent cocktail of exploits to people browsing the site, Websense Security Labs says.
Attackers have managed to inject an iframe into the site that scours Torrentreactor visitors' computers from a long list of vulnerable applications, including Adobe's Reader and Shockwave programs and Microsoft's Internet Explorer and Office Snapshot Viewer. When it finds one, it downloads and runs a malicious file.
According to Websense, the malware has an extremely low detection rate, with just two of 32 anti-virus engines identifying the threat. Once executed, it installs a rootkit on victims' machines.
The malicious file in the latest compromise communicates with a server at 78.109.29.116, an IP address that web searches suggest has ties to the Russian Business Network. We'll be steering clear of this site for the time being.
--
Dr. Web 5.0 + ThreatFire + Router/SPI |
|
