Alex Zaharov-Reutt
Tuesday, 11 March 2008 09:02
Page 2 of 3
At the time of Danchev’s post, which was earlier today, he said: “The attack is still ongoing, this time successfully injecting a multitude of new domains into Wired Magazine’s and History.com's search engines, which are again caching anything submitted, particularly non-validated input, to have the malicious parties in the face of the RBN introducing new malware, in between the pharmaceutical scams that they serve on the basis of an affiliation model.” In answer to our question on ‘who’s next’, Danchev says that “in terms of high-profile sites, that is Wired.com and History.com.”
Danchev notes that “the same malicious parties behind the CNET and TorrentReactor's IFRAME injection are also the ones behind Wired.com and History.com's abuse of input validation.”
He continues: “The IFRAME injection entirely relies on the lack of input validation within their search engines, making executable code possible to submit and therefore automatically execute upon accessing the cached page with a popular search query.”
Danchev notes some other key findings:
“Many other domains have been introduced within the IFRAMEs, a complete list of which you can find in this post, several directly hosted within RBN's network.”
“The main domain serving the heavily obfuscated VBS malware is located within the Russian Business Network's known netblocks.”
“Given the high page ranks of the current and the previous targets, it is evident that the malicious parties are prioritizing based on the possibility to abuse input validation on high page rank-ed sites, presumably in an automated fashion.”
“Keep it Simple Stupid works, as since they cannot find a way to embed the IFRAME at these hosts, a clear indication of the fact that they've breached them, they figured out a way to inject the IFRAMEs and again take advantage of the high page ranks to attract traffic by gaining on popular key words, or any kind of key words that they want to.”
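As an added illustration that is not part of this article or of Danchev’s post, the Python below models the flaw he describes (a site search page that echoes a submitted query into its result page and caches that page) next to an output-escaped version and a simple log check for queries carrying active markup. The query strings and the domain in them are constructed placeholders, not values from the attack.

```python
import html
import re

# Constructed sample inputs (not from the article): a normal query and one
# that smuggles an IFRAME pointing at a placeholder domain.
BENIGN_QUERY = "linux kernel tuning"
INJECTED_QUERY = ('popular term <iframe src="http://malware.example.invalid/" '
                  'width=0 height=0></iframe>')

# Tags that have no business arriving in a search query string.
ACTIVE_TAG_RE = re.compile(r"<\s*/?\s*(iframe|script|object|embed)\b", re.IGNORECASE)


def render_unsafe(query: str) -> str:
    """The pattern Danchev describes: the query is echoed into the result page
    verbatim, so any markup it carries becomes part of the (cached) HTML."""
    return f"<h1>Results for: {query}</h1>"


def render_safe(query: str) -> str:
    """Hardened form: HTML-escape the query at output time so angle brackets
    and quotes are displayed as text rather than parsed as markup."""
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"


def looks_like_markup_injection(query: str) -> bool:
    """Detection hook for the search endpoint's logs: flag submitted queries
    containing active markup so the cached pages for them can be reviewed."""
    return ACTIVE_TAG_RE.search(query) is not None


class SearchCache:
    """Minimal stand-in for a search engine that caches result pages per query,
    which is what turns one injected query into a persistent infected page."""

    def __init__(self, renderer):
        self._renderer = renderer
        self._pages = {}

    def lookup(self, query: str) -> str:
        if query not in self._pages:
            self._pages[query] = self._renderer(query)
        return self._pages[query]


if __name__ == "__main__":
    print(SearchCache(render_unsafe).lookup(INJECTED_QUERY))  # iframe survives
    print(SearchCache(render_safe).lookup(INJECTED_QUERY))    # shown as text
    print(looks_like_markup_injection(INJECTED_QUERY))        # True
```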
Danchev discloses that it’s not just Wired.com and History.com that are under attack, but also The University of Melbourne at uninews.unimelb.edu.au, and the following other .edu sites: hcc.cc.gatech.edu, buffalo.edu, uvm.edu, jurist.law.pitt.edu, one military site: fhp.osd.mil, and two torrent sites: bushtorrent.com and torrentportal.com.
Please read on to page 3 for more detail on where the attacks are originating from.