Yesterday’s Mass Hack Attack

March 14th, 2008

Yesterday’s Mass Hack Attack

The number of yesterday’s attack (over 10.000) websites has doubled according to Avertlabs.

Another recent mass attack, is using a JavaScript file rather than an IFRAME. The attack seems to have started about two weeks ago, and nearly 200,000 web pages have been found to be affected or compromised, most of which are running phpBB forum software. The vast majority of attacked websites yesterday’s were active server pages (.ASP). The ASP attacks methods and payload are different than the phpBB ones. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.

A brief video demonstrating how the phpBB attack looks from the end user’s perspective can be found at http://www.vimeo.com/moogaloop.swf?clip_id=781981&server=www.vimeo

.com&fullscreen=1&show_title=1&show_byline=0&show_portrait=0&color=

Email, Bookmark or Share:

More on CyberInsecure:

US Congressional Websites Hit By Mass Defacement Attack

Google’s Blogger CAPTCHA Under Automated Registrations Attack

NASA’s Instrument Systems And Software Engineering Division Websites Hacked

Web Hosting Service Daily Hacked, Clients Websites Defaced With Cartoon Penguins Image

Hackers Jailbreak T-Mobile’s And Google’s Android Phone

Posted in Mass Web Attacks |

Print This Post

This entry was posted on Friday, March 14th, 2008 at 4:06 pm and is filed under Mass Web Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: Yesterday’s Mass Hack Attack

Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

Latest News Updates

Adobe published an out-of-sequence update for its Reader and Acrobat software packages that tackles a brace of serious flaws. Adobe advises users to upgrade to Acrobat version 9.3.1 and Reader version 9.3.1

Adobe has released a security update for its Flash Player and AIR products. The patch addresses a critical unauthorized cross-domain interaction vulnerability, as well as a Denial of Service issue. Users are advised to upgrade to Flash Player 10.0.45.2 and AIR 1.5.3.1930.

Microsoft published KB Article 980088 in response to the recently announced vulnerability in Internet Explorer. Microsoft confirms that it is possible for a malicious website to read files from the clients computer. All versions of Windows and Internet Explorer appear to be affected.

Latest Virus Descriptions

Backdoor.Win32.Clampi.a 25 Sep 2009 14:51:00 +030
This Trojan spy program is designed to steal confidential user data and remotely manage the victim machine. It is a Windows PE EXE file. It is 470 bytes in size. Installation When launched, the Trojan creates the following file: %AppData%\<name>.exe <name&gr; is chosen at random from…
Trojan-Dropper.Win32.Agent.albv 15 Apr 2009 12:17:00 +030
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 23552 bytes in size. Installation The Trojan copies its executable file as follows: %WinDir%\system\svhost.exe In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan adds a link…
Backdoor.Win32.Agent.abgg 15 Apr 2009 12:15:00 +030
This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 22528 bytes in size. Installation Once launched, the Trojan copies its body to the Windows system directory as “digeste.dll”: %System%\digeste.dll In order to ensure that the Trojan…
Trojan-Dropper.Win32.Kido.a 15 Apr 2009 12:09:00 +030
This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 78848 bytes in size. It is written in C++.
Trojan-Downloader.Win32.Kido.a 18 Mar 2009 16:36:00 +030
This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\<rnd>.dll %Program Files%\Windows Media Player\<rnd>.dll %Program Files%\WindowsNT\<rnd>.dll %Program…
Email-Worm.Win32.Merond.a 12 Mar 2009 19:36:00 +030
This worm spreads as an attachment to infected emails and also via file-sharing networks and removable media. The worm itself is a Windows PE EXE file. The worm’s executable file can vary between 150KB to 400KB in size. Installation The worm copies its executable file to the Windows system…
Trojan.Win32.Agent.azsy 12 Mar 2009 19:29:00 +030
This malicious program is a Trojan. It is a Windows PE EXE file. It is 417792 bytes in size. It is packed using UPX. The unpacked file is approximately 439KB in size. It is written in C++. Installation Once launched, the Trojan copies its body to the current user’s Windows startup…
Trojan.Win32.Agent2.dtb 12 Mar 2009 19:23:00 +030
This Trojan calls premium rate numbers without the knowledge or consent of the user. It is a Windows PE EXE file. It is 25131 bytes in size. It is written in Delphi.
Trojan-Downloader.Win32.Small.ydh 24 Feb 2009 11:45:00 +030
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 34816 bytes in size. It is not packed in any way. It is written in C++. Installation Once launched, the Trojan…
Trojan-Downloader.Win32.Agent.ahoe 24 Feb 2009 11:32:00 +030
This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 9216 bytes in size. It is packed using UPX. The unpacked file is approximately 38KB in size. It is written in…

CyberInsecure.com