Security Friday : Web Attacks Galore
Scrapkut worm spread via code injection
A new breed of malware targets the scrapbook feature on Google’s social networking site Orkut and spreads by injecting code that posts itself as scrapbook entries to all of the user’s contacts.
People who click on the link are redirected to an external site hosting malware that’s disguised as a Flash upgrade. Users duped into installing the software get malicious JavaScript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims’ friends, recommencing the infection cycle.
Details on the malware are available from Symantec’s website. Orkut was hit by a prominent malware attack a while back through a cross-site scripting flaw, which was eventually fixed.
Malware going local to target applications
Malware authors are leaving virtually no stone unturned in their bid to target users by specific country, language, software or company. These sorts of attacks make a lot of sense, since the internet has brought the whole world onto one accessible medium.
Jeff Green, Senior VP of McAfee’s ‘Avert Labs’ says that: “Malware has become more regional in nature during the past couple of years. This trend is further evidence that today’s cyberattacks are targeted and driven by a financial motive, instead of the glory and notoriety of yesteryear’s cybergraffiti and fast-spreading worms. We’re in a constant chess match with malware authors, and we’re prepared to counter them in any language they’re learning to speak.”
The proliferation of Web 2.0 is also opening up several intricacies for malware authors to exploit. Security is not yet core to the architecture of the internet, and as more sophistication is added to software designed for the web, more points of insecurity are bound to open up.
CAPTCHAs are getting compromised
CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, no longer presents an insurmountable obstacle to spammers. There have been reports from MessageLabs of an increase in the amount of spam mail sent from webmail accounts.
Google is the latest free webmail provider to be victimised by spammers’ efforts to create software to solve the codes. At times, spammers also employ people to solve the codes en masse.
“It’s only a matter of time before [CAPTCHAs] are comprehensively defeated,” said Paul Wood, senior analyst at MessageLabs, which has predicted a spam bonanza in 2008.
While the success rate of the techniques used by the spammers is low, at a high enough frequency it is sufficient to create a big problem. Perhaps it’s time to think about newer twists on the CAPTCHA concept, such as removing text in favour of pure image-based identification.
Trend Micro victim of major malware attack
Ironically, security vendor Trend Micro announced that it has fallen victim to a massive web attack which installs password stealing software on the PCs of those who visit the affected pages.
Researchers are still not sure how the attackers are managing to hack these Web pages, but the pages all seem to use Microsoft’s Active Server Page (ASP) technology, which is used by many Web development programs to create dynamic HTML pages. A software bug in any of those programs is all the attackers need to install their malicious code.
The infected Web pages are not obviously malicious, but the attackers have added a small bit of JavaScript code that redirects visitors’ browsers to an invisible attack launched from servers based in China. This same technique was used a year ago, when attackers infected the Web sites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game.
The attacks are thought to be directed at ActiveX controls which may not be patched or disabled. The fact that a security vendor should fall victim to such attacks speaks volumes about the precautions one must take online when visiting sites, even legitimate ones. A fully patched, up-to-date system is a great preventive measure.







