Archive for August, 2009
Tuesday, August 25th, 2009
Hackers exploit security vulnerabilities in popular web software such as blogs, forums, CMS, image galleries and wikis to insert hidden illicit content into web pages of innocent third-party web sites.
Thousands of web site owners are unaware that their sites are hacked and infected with parasites.
So what you think is your website might not really be yours after all.
One way to detect suspicious URLs in hidden frames is to use this tool:
http://www.unmaskparasites.com/
I used this to detect Gumblar, a botnet that infects Web servers and Web site visitors in order to install malcode on PCs that redirects end-user Google searches to fraudulent Web sites.
Posted in how-to
Saturday, August 15th, 2009
The first post I’ve seen is dated 7th August 2009.
If you see a comment that goes something like this, DO NOT CLICK ON IT:
seen this really bad blog about you? http://www.jdsense.com/search/redirect.php?f=http://blogs.faecibook.com/sessionid?nglnbskuf
Apparently China-based, it takes you to an authentic-looking FAKE Facebook page that tells you “Your Session Has Expired” and requires you to log in with your email and password.
Its only purpose is to harvest your email address and Facebook password, and the creators are writing comments on strangers’ statuses.
So far, the comments have been either “seen this really bad blog about you?” or “I have a 13 year old daughter who is in LOVE with you.”
Apparently, in a few minutes, the message will be deleted.
If you happen to experience this, CHANGE YOUR PASSWORD NOW!!!
Technical info:
It seems the domain was set up on 6th August 2009 under the name Li Wang, registered in Shanghai with email lixing688@gmail.com, and phone/fax no: 86-021-51697771
Posted in case studies
Friday, August 7th, 2009
High-profile websites including Google, Facebook and Twitter have been targeted by hackers in what is described as a “massively co-ordinated attack”. Other sites such as the blogging platform LiveJournal were also reportedly targeted.
Posted in news
Friday, August 7th, 2009
Micro-blogging service Twitter was taken offline for more than two hours on 6th August in what the company believes was a co-ordinated denial-of-service (DDoS) attack.
Posted in news
Saturday, August 1st, 2009
Apple is going to release a software patch to fix a recently reported iPhone security vulnerability, in which specially crafted SMS messages could disconnect the phones from the network or, worse, allow them to be hijacked.
And not just the iPhone: phones running Windows Mobile and Google Android OSes are also vulnerable.
The BBC, 31 Jul 2009
Posted in news