YIKES
I flipped out when I read the latest in security news:
New mass hack strikes sites, confounds researchers; May be linked to November 2007 break-in at U.K. hosting firm
A massive hack of legitimate Web sites has been spreading malware to visitors’ PCs, using a new tactic that has made detection “extraordinarily difficult,” security experts said today.
According to the researcher who broke the news, the hack, which involves several hundred sites, may be related to a November 2007 break-in at Fasthosts Internet Ltd., a U.K.-based hosting service that in early December acknowledged that some clients’ log-in credentials had been pinched.
…Visitors to the compromised domains have been assaulted with multiple exploits, notably one for a vulnerability in Apple Inc.’s QuickTime media player that was patched only last month. Another exploit being served, said Landesman, is the “tried and true” attack against Windows 18-month-old MDAC flaw.
If successful, the client-side attack infects the PC with a variation of the Rbot Trojan, a backdoor also known as Zotob that has been active since the middle of 2005. There, too, however, users are at special risk. “Just three out of 33 antivirus vendors detected that [variation],” Landesman claimed.
This is insane. For one, companies have GOT to get control of their data. Two, why are the crooks always a step ahead of these “security” wizards?!
The story offers no help, no suggestions, no detection help, nothing.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
No comments yet.
Leave a comment