CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 14th, 2008

Yesterday’s Mass Hack Attack

The number of yesterday’s attack (over 10.000) websites has doubled according to Avertlabs.

Another recent mass attack, is using a JavaScript file rather than an IFRAME. The attack seems to have started about two weeks ago, and nearly 200,000 web pages have been found to be affected or compromised, most of which are running phpBB forum software. The vast majority of attacked websites yesterday’s were active server pages (.ASP). The ASP attacks methods and payload are different than the phpBB ones. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.

A brief video demonstrating how the phpBB attack looks from the end user’s perspective can be found at http://www.vimeo.com/moogaloop.swf?clip_id=781981&server=www.vimeo

.com&fullscreen=1&show_title=1&show_byline=0&show_portrait=0&color=

Share this item with others:

More on CyberInsecure:
  • Apple.com Hit In Latest Mass Hack Attack
  • Google’s Blogger CAPTCHA Under Automated Registrations Attack
  • US Congressional Websites Hit By Mass Defacement Attack
  • Multiple TechCrunch Websites Compromised, Infect Visitors With Malware
  • Thousands Of High-Ranked Webpages Infected With Malware, Including Intljobs.org, WSJ.com, tomtom.com.tw

    • Posted in Mass Web Attacks | Print This Post Print This Post

    This entry was posted on Friday, March 14th, 2008 at 4:06 pm and is filed under Mass Web Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Yesterday’s Mass Hack Attack

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »