| Top Security News |
Click Fraud Trojan Targets Google, Yahoo
Top search engines Google, Yahoo, along with China's Baidu, received attention from the ongoing work of click fraudsters distributing a Trojan to boost ad click revenue. A continuing process of nearly daily updates keeps...
Microsoft Fixes Word, Excel Flaws
Patch Tuesday, March 2008 edition, arrived today with new bulletins for Microsoft Office productivity programs Word and Excel. Critical issues in Excel, Outlook, Office and Web components for Office required attention...
G-Archiver Swears Password Theft An Accident
Testing code left within the release version of Gmail backup software G-Archiver sent usernames and passwords to a developer's Gmail account. Another chapter was added to the kerfuffle over G-Archiver...
|
|
A large scale assault on computer users began with the corruption of over 10,000 web pages through code injection. The attackers are looking for online gaming passwords.
The worst problem about these attacks comes from their targets. Trustworthy websites that people otherwise have no problems visiting may be among those carrying a silent payload of doom and computer gloom.
Security vendor McAfee claims to have detected more than 10,000 pages corrupted by this recent attack. The company's researchers believe the attackers scanned for servers lacking the proper security, and breached them through those flaws.
The attack on visiting web browsers happens silently. A JavaScript redirects the browser to a server in China, where the malware then tries to break in to the PC through known vulnerabilities in Windows, Real Player, and other applications.
McAfee researcher Craig Schmugar called the malware a cascading threat. Each malware page leads to another, leading to another download, then on to another page, and so on.
One payload in particular seeks online gaming passwords. Since high-level characters, items, and gold from the games can be sold to other people, the criminals hope to steal and fence what they can in exchange for real money.
Though many of the pages have been cleaned up in McAfee's determination, other infected sites may exist. Since even trusted sites may possess infected pages, people need to defend their PCs with security software to catch those threats.
Likewise, keeping software patched and up to date will mitigate the typical criminal attempt to reach a system through a known vulnerability. We've seen good results for personal PCs from the Secunia personal software inspector, a free product for individual PC users, in keeping tabs on what software needs patching on a system.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews. | |
!
, Inc. 2549 Richmond Rd. Lexington KY, 40509 
0 comments:
Post a Comment