-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
0day Treasure Hunt: Researcher Hides IE Attack on Web
,----[ Quote ]
| Security researcher Aviv Raff has published code that would allow someone to
| take control of a computer running Internet Explorer, but there's a catch.
| He's not saying exactly where he's hidden the attack.
|
| [...]
|
| The bug, which affects Internet Explorer 7 and IE 8, could allow an attacker
| to run unauthorized software on a victim's computer. Raff informed Microsoft
| of the flaw on Tuesday and the software vendor has not yet patched it, Raff
| said.
|
| Microsoft didn't get much time to fix the bug, but Raff said he didn't feel
| that Microsoft would address the issue quickly unless he went public with the
| vulnerability.
`----
http://www.pcworld.com/businesscenter/article/145602/0day_treasure_hunt_researcher_hides_ie_attack_on_web.html
http://tinyurl.com/573lln
There's more:
Web Attack Worm Infecting Hapless Sites
,----[ Quote ]
| Though relatively small by Web attack standards with about 4,000 reported
| infected sites, the assault adds invisible code to a site that can force
| visitors to download malware onto their PC. Bad PR, to say the least.
|
| [...]
|
| The worm uses a SQL Injection attack, according to the ISC, but it doesn't
| yet know just what vulnerability is targeted
`----
http://www.pcworld.com/businesscenter/blogs/larkin_on_the_web/145609/web_attack_worm_infecting_hapless_sites.html
A fortnight ago:
Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection
,----[ Quote ]
| A new SQL injection attack aimed at Microsoft IIS web servers has hit some
| 500,000 websites, including the United Nations, UK Government sites and the
| U.S. Department of Homeland Security. While the attack is not Microsoft's
| fault, it is unique to the company's IIS server.
`----
http://blog.wired.com/monkeybites/2008/04/microsoft-datab.html
Hundreds of thousands of Microsoft servers hacked
,----[ Quote ]
| UK Government domains among those hit
`----
http://www.techradar.com/news/computing/hundreds-of-thousands-of-microsoft-servers-hacked-331679
Recent:
Microsoft warns of web server flaw
,----[ Quote ]
| The company has issued an advisory on the vulnerability, which affects
| Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows
| Server 2008.
|
| [...]
|
| "The web server is widely used on the internet, and is a top pick by
| web-hosting providers. We might see web-hosting providers targeted, and their
| clients' websites breached."
`----
http://www.vnunet.com/vnunet/news/2214722/microsoft-warns-web-server
Bots rule in cyberspace
,----[ Quote ]
| USA TODAY REPORTS that on an average day, 40 per cent of the 800 million
| computers connected to the Internet are bots used to send out spam, viruses
| and to mine for sensitive personal data.
`----
http://www.theinquirer.net/gb/inquirer/news/2008/03/17/bots-rule-cyberspace
http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm
Botnets Running Rampant
,----[ Quote ]
| How much money is being stolen by cybercriminals? No one knows, and no one
| even knows how to go about coming up with that number, IronPort's Peterson
| said.
`----
http://www.pcworld.com/businesscenter/article/144489/botnets_running_rampant.html
New Massive Botnet Twice the Size of Storm
,----[ Quote ]
| Damballa predicts that even now that Kraken has been outed, it will continue
| growing at least in the near-term -- up to at least 600,000 new bots by
| mid-April. Its bots are prolific, too: The firm has seen single Kraken bots
| sending out up to 500,000 pieces of spam in a day.
`----
http://www.darkreading.com/document.asp?doc_id=150292&WT.svl=news1_1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIIl+6U4xAY3RXLo4RAgkuAJ4oMidaoEfuFJ05ujHU9X8kt6YEPACgkwR2
a3zlTN3s6fMntPLI7MC991k=
=PLfC
-----END PGP SIGNATURE-----