funsec mailing list archives

'Legit' website compromises reach epidemic proportions


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 5 Jun 2008 09:13:23 -0400

 
http://www.channelregister.co.uk/2008/06/05/scansafe_web_malware_survey/

Once upon a time surfers could stay unmolested by malware by staying away
from warez and smut. Those days are well and truly over as changes in
hacking tactics mean that compromised content on legitimate websites has
become the main conduit for so-called drive-by download attacks.

Web security firm ScanSafe reports that two in three instances of web-based
malware (68 per cent) it blocked last month came from legitimate sites.
ScanSafe blames the increase on attacks that have planted malicious scripts,
often exploiting iFrame web browser vulnerabilities, on pukka websites.
Hacked sites are commonly used to deliver password-stealing Trojans and
other strains of malware onto compromised PCs.

For example, ScanSafe reported earlier this week that some pages on the
Wal-Mart website were compromised in the latest phase of an ongoing series
of SQL injection attacks. The attack was used to plant exploits of recent
Flash vulnerabilities onto Wal-Mart's site. High-profile victims of malware
attacks in May alone included Nature.com, Foofighterslive.com, Acer.co.th,
Webster.edu and Photopass.com.

Large-scale SQL Injection attacks started around six months ago in October
2007 and are affecting mom and pop website operations as well as household
names. Attacks based on stolen FTP are also playing a significant (albeit
secondary) role, according to ScanSafe.

...

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
