Selected short messages and links you might have missed if you don’t follow me on Twitter.
Oct 6, 2009
Yet another Beladen/Goscanpark story from a server admin
http://www.linuxquestions.org/questions/linux-security-4/virus-in-a-server-malware-running-randomly-in-all-server-sites.-758806/#post3708050
Story from my blog reader: 60 support tickets and 1,000 screenshots before his hosting provider took action. (His site was hosted on a Goscanpark-infected server)
Oct 8, 2009
Researchers Hijack a Drive-By Botnet – insights from the inside
Oct 9, 2009
I see loads of spammy accounts on CommunityServer-powered sites. Sample Google search: http://www.google.com/search?q=inurl%3Amembers+inurl%3Aaspx+tramadol – they look like hacked
The Cash Factory – All aspects of the iframe-injection attack: spam, trojans, passwords, etc.
Oct 10, 2009
The Malware Warning Review Process – from Google Anti-Malware team
If you want more real-time experience, you can follow @unmaskparasites on Twitter.
Similar posts:
I’ve discovered a new emerging malware attack today. Actually two attacks, but in this post I’ll review only one of them – server-wide goscanpark .com/goscansoon .com meta redirects.
I discovered this attack when checked Unmask Parasites logs. I noticed that many unrelated websites contained the same suspicious script so I decided to investigate this issue. The investigation is not complete yet but I think the information I’ve already collected will be useful for owners of compromised web sites. And I hope the missing parts will be added by you, the readers. Update ( July 27, 2009) : the comments are really very informative. make sure to read them.
Continue »»
There has not been much buzz about the recent Beladen attack. Although some sources estimated 40,000 infected web sites, it was clearly not as prominent as the Gumblar. To my mind, it’s because of the elusive nature of the Beladen exploit. It is very difficult to detect. It works intermittently. Only a small percentage of site visitors are exposed to malicious content. Many security scanners just overlook it. Most likely the spread of this attack is underestimated.
In this post, I’ll list every fact I know about the Beladen exploit and hope you will add any missing information in the comments. This format proved to be very fruitful in my recent post about the Gumblar exploit where your 150+ comments made my article the most informative online resource about that attack that most other sites (including major media) referred to.
I hope the information you will find here can help site owners and hosting providers understand the nature of the exploit and get rid of it.
Continue »»