NOW READ THIS
("Security Advisory")
| Go Back |
Submitted by: Bill Hickey
NCVA List Master
NRT-0202 Hackers Penetrate DreamHost to Load Malware:
Hackers have been able to load malware onto the official Mercury music awards site, as well as hundreds of other sites, after breaking into the systems of US-based hosting firm DreamHost. DreamHost reportedly blamed a security flaw in its web control panel software for an attack that allowed hackers to compromise a "very small subset" of user accounts, and said affected customers have been notified by email. DreamHost, which hosts more than 500,000 domains, said ~3,500 separate FTP accounts were compromised by the hack. UK-based web security firm ScanSafe said attackers used the insecure web controls at DreamHost and attempted to take advantage of the iFrame vulnerability in Internet Explorer to download Trojan horse malware onto the PCs of visiting surfers running vulnerable versions of Windows. The firm said only web content - not credit card or billing information - was compromised.
(www.theregister.co.uk, 07JUN07)