Hackers Hit 10,000 Sites, Launch 'Phenomenal' Attack 19/06/2007 11:18:26
Attackers armed with an exploit toolkit have launched massive attacks in Europe from a network of at least 10,000 hacked Web sites, with infections spreading worldwide, several security companies warned Monday.
As early as last Friday, analysts reported the opening salvos of a large-scale attack based on the multi-exploit hacker kit dubbed "Mpack." The mechanics of the attacks are involved, but essentially attackers taint each compromised site with code that then redirects visitors to a server hosting the Mpack kit -- a professional, Russian-made collection of exploits that comes complete with a management console to detail which exploits are working, and against what countries' domains.
Infected computers are fed a diet of malicious code, largely keyloggers that spy out usernames and passwords for valuable accounts, such as online banking sites.
"The gang behind the attack has successfully compromised the homepages of hundreds of legitimate Italian Web sites," said Symantec researcher Elia Florio in a posting to the vendor's security response blog on Friday. "The list of compromised sites is huge and from Mpack statistics this attack is working efficiently."
Florio said Symantec is uncertain how the sites were originally hacked, but suspected a common vulnerability or configuration problem at the hosting level. Paul Ferguson, a network architect with Trend Micro Inc., would only guess at how sites were hijacked, but said that the 'how' is mostly moot. What's important: "The hackers seem to be able to find a lot of sites to compromise no matter where they look."
By Friday night, Symantec had pegged the number of compromised sites feeding Mpack exploits at 6,000; by today, Websense Inc., a San Diego-based Web security company, said it had tracked more than 10,000. "That's a phenomenal number," argued Ferguson, who said that previous compromised-site attacks using hacker kits could be counted as "several hundred here, a couple hundred there."
Screenshots of the Mpack management console posted by Websense on Monday and Symantec on Friday illustrate the large numbers of computers that have surfed to the compromised sites, and the high success rate of the Mpack-delivered exploits. Although the bulk of the victim PCs use Italian IP addresses, U.S.-based machines are not immune.
"The lion's share of the sites we're seeing are in Italy still," said Ferguson, "but we're seeing sites all over the world as well." For instance, Trend Micro has identified hacker-controlled sites hosted in California and Illinois. The California site is hosted by a company Ferguson called "notorious," but he wouldn't divulge the hosting vendor's name.
"The usual advice we give, 'avoid the bad neighborhoods of the Web,' just doesn't hold water anymore" when legitimate sites have been hacked and are serving up exploits left and right, Ferguson said. "Everywhere could be a bad neighborhood now."
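An added example, not from the article or the vendors it quotes: a check a site owner could run over their own pages for the kind of injected redirect described above. The article does not say what form the injected code takes, so the patterns checked here (hidden iframes, off-site scripts, meta refresh) and the host allowlist are assumptions, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute pulls in content from another location.
URL_ATTRS = {"iframe": "src", "frame": "src", "script": "src", "embed": "src"}


class OffsiteLoadAuditor(HTMLParser):
    """Collect elements that load content from hosts outside an allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # tuples of (tag, host, looks_hidden)

    def _check(self, tag, url, hidden):
        host = (urlparse(url).hostname or "").lower()
        # Relative URLs have no host and stay on the site itself.
        if host and host not in self.allowed:
            self.findings.append((tag, host, hidden))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in URL_ATTRS and a.get(URL_ATTRS[tag]):
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            self._check(tag, a[URL_ATTRS[tag]], hidden)
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "0; url=http://host/path"
            _, _, target = a.get("content", "").partition("=")
            self._check("meta-refresh", target.strip(" '\""), False)


def audit_page(html, allowed_hosts):
    auditor = OffsiteLoadAuditor(allowed_hosts)
    auditor.feed(html)
    return auditor.findings


# Constructed sample homepage; all hosts are reserved example domains.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="http://cdn.example.com/lib.js"></script>
<iframe src="http://redirector.example.net/x" width="0" height="0"></iframe>
<h1>Welcome</h1>
</body></html>"""

if __name__ == "__main__":
    for tag, host, hidden in audit_page(SAMPLE, {"www.example.com", "cdn.example.com"}):
        print(f"{tag} -> {host} (hidden={hidden})")
```

Running it against a known-good copy of each page and again after every deployment turns any new off-site host into a visible diff.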