CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 3rd, 2008

Hackers Use Neosploit To Infect Around 80,000 Sites, Including BBC And US Postal Service

According to Ian Amit, director of security research at Aladdin Knowledge Systems, cybercriminals have used the latest version of Neosploit to booby-trap an estimated 80,000 legitimate sites with malicious code. Victims of the attack include government and Fortune 500 organizations and a weapons manufacturing firm, as well as the US Postal Service, which has since cleaned up its act.

Amit uncovered the assault while researching the newly released Neosploit 3.1 hacker toolkit. During his research, he discovered login credentials for more than 200,000 servers on a server used by cybercrooks. These credentials included BBC login details, fortunately unconnected to the corporation’s news or content sites.

Analysis by Amit and his team at Aladdin suggests that at least three gangs were involved in collecting the list and that 80,000 of these sites had been loaded with malicious code by hackers as part of an attempt to infect visiting surfers through drive-by download attacks. Organizations in 86 countries are said to be affected. Amit identified the affected organizations after examining server logs.

“Out of the 200,000 credentials, nearly 107,000 were validated by the criminal server, and of which, almost 82,000 were used to modify Web related content in order to attack the users of the associated sites,” a statement by Aladdin explains.

Closer investigation of the data gathered during the research showed that the criminals were also able to get their hands on the government’s BBC site, ftp.bbc.co.uk. Were it not for the sheer luck that the credentials were not associated with any online material, this incident could have ended up infecting the BBC’s website visitors.

Additionally, reputable universities such as the University of Bradford, a travel agency (easytravelgroup.co.uk), and of course a lot of internet providers and hosting companies were affected. Aladdin is working with CERT and law enforcement agencies worldwide to inform affected organizations about the compromise to their websites.

Incidents where legitimate websites are compromised with malicious code using tactics such as SQL injection attacks have reached epidemic proportions over recent months. The compromises unearthed by Aladdin join a growing list of assaults and victims. Previous targets have included the government of the City and County of San Francisco, Microsoft acquisition target atmdt.com, BMW in Mexico, Hackney Council, and BusinessWeek.com. Tools such as the Asprox attack toolkit have featured as part and parcel of these previous attacks.
