Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Javascript injection claims UN and UK government sites  (Read 1433 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Comparisons between two mass Javascript injection attacks suggest they may be related, according to a security company. The latest attack has compromised various sites including one United Nations and several UK government sites with links to malicious servers.

On Tuesday Websense reported seeing distinct similarities between attacks staged earlier this month and over the weekend. Specifically, they cite the use of the same tool to execute the attack being resident on the malicious server. Last summer various groups used the MPACK toolkit to propagate a similar series of Javascript injections.

Javascript injections are browser attacks and require no more effort than appending a script tag to the end of the URL. If a legitimate site is vulnerable to script injection, an attacker can add a script tag to the Web-facing page of the site so that subsequent views will automatically download whatever content is within the script tag. Often the script tag contains calls out to a malicious server.

A user need only stumble upon a compromised site to become infected. In this case, when viewing a compromised site, the injected Javascript loads a file named 1,js. The file is located on a malicious server, which then attempts to execute eight different exploits targeting Microsoft applications.

As of Tuesday, two other files named McAfee.htm and Yahoo,php were no longer active.

A quick review by CNET News.com found that travel and academic sites continue to host the injected Javascript code.

(Copyright by CNET Networks, Inc.)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising