NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0424 Hackers Infect Thousands of Web Pages:
Hackers looking to steal passwords used in popular online games have infected
more than 10,000 web pages in recent days. The web attack, which appears to be a
coordinated effort run out of servers in China, was first noticed by McAfee
researchers on Wednesday, 12 March. Within hours, the security company had
tracked more than 10,000 web pages infected on hundreds of web sites. McAfee
isn't sure how so many sites have been hacked, but "given how quickly some of
these attacks have come on, it does seem like some automation has gone on," said a
researcher with McAfee's Avert Labs. In the past, attackers have used search
engines to scour the Internet for vulnerable web sites and then written automated
tools to flood them with attacks, which ultimately let criminals use legitimate sites to
serve up their malicious code. The infected web sites look no different than before,
but the attackers have added a small bit of JavaScript code that redirects visitors'
browsers to an invisible attack launched from the China-based servers. This same
technique was used a year ago, when attackers infected the web sites of the Miami
Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game.
The attack code takes advantage of bugs that have already been patched, so users
whose software is up-to-date are not at risk. However, McAfee warns that some of
the exploits are for obscure programs such as ActiveX controls for online games,
which users may not think to patch. If the code is successful, it then installs a
password-stealing program on the victim's computer that looks for passwords for a
number of online games.
(IDG News Service 13Mar08)