iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Massive Attack: 10,000 Pages Compromised
Search:
[ insider_reports_insider ]

Massive Attack: 10,000 Pages Compromised



David Utter
Staff Writer
2008-03-13

SecurityProNews: Insider Reports Insider Reports RSS Feed


A large scale assault on computer users began with the corruption of over 10,000 web pages through code injection. The attackers are looking for online gaming passwords.

Massive Attack: 10,000 Pages Compromised
Massive Attack: 10,000 Pages Compromised

The worst problem about these attacks comes from their targets. Trustworthy websites that people otherwise have no problems visiting may be among those carrying a silent payload of doom and computer gloom.

Security vendor McAfee claims to have detected more than 10,000 pages corrupted by this recent attack. The company's researchers believe the attackers scanned for servers lacking the proper security, and breached them through those flaws.

The attack on visiting web browsers happens silently. A JavaScript redirects the browser to a server in China, where the malware then tries to break in to the PC through known vulnerabilities in Windows, Real Player, and other applications.

McAfee researcher Craig Schmugar called the malware a cascading threat. Each malware page leads to another, leading to another download, then on to another page, and so on.

One payload in particular seeks online gaming passwords. Since high-level characters, items, and gold from the games can be sold to other people, the criminals hope to steal and fence what they can in exchange for real money.

Though many of the pages have been cleaned up in McAfee's determination, other infected sites may exist. Since even trusted sites may possess infected pages, people need to defend their PCs with security software to catch those threats.

Likewise, keeping software patched and up to date will mitigate the typical criminal attempt to reach a system through a known vulnerability. We've seen good results for personal PCs from the Secunia personal software inspector, a free product for individual PC users, in keeping tabs on what software needs patching on a system.


About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds