| |

Wednesday, June 3, 2009

Attack on web sites continue

After the gumblar attack last month, another string of web attack continues as 40,000+ web site got hacked and is now part of a large network that redirects users to a site with malicous software. A web security expert said that the attack on web sites is probably done through SQL injection in which makes use of imporperly configured web applications to accept malicious data and get hacked. It could also be possible that the FTP credentials of those sites got stolen as what happened in the previous Gumblar attack. With this magnitude, the attackers is most probably deploying an automated tool to determine vulnerable web sites.

These compromised websites  hosts a malicous script that redirects user to a fake google analytics web site that tests out the vulnerability of the users browser. If no vulnerability is found it is then redirected again to another bogus website that employs "scareware tactics". Prompting the user to download a fake free security software probably an antivirus which contains trojans and other malicous code that infects the user's PC.

To deter such attacks, it is very important to update your Windows, your internet browser and the plug-ins installed. Web applications that are commonly used for attack are java, javascript and adobe. Make sure that you regularly update these components as they get patched when security issues are found. Another important things is to spot scareware applications and not to be fooled by them. More information on scareware can be found on this post.