Malware on Hijacked Subdomains. Part 2.
About a month ago I wrote about a hacker attack that used hijacked subdomains of legitimate websites to serve malware (fake anti-virus software) off of them. Most likely cyber criminals used a phishing attack to steal credentials of GoDaddy’s domain management control panel and created rogue DNS records for some subdomains to make them point to hacker-controlled servers.
In that article I wondered if that was a new trend (usage of virtually free hijacked subdomains) or just temporary approach that wouldn’t be used anywhere else. Well, this week I came across a different malware attack that also uses hijacked subdomains of legitimate websites.
Continue »»
Tweet Week: May 24-30, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
browser vulnerabilities, Bidvertiser, free security tools, etc. »»
Malware on Hijacked Subdomains. New Trend?
Yesterday, Patrick (aka Noxwizard, phpBB support team member) pointed me at the new malware attack that surfaced this week (first mentioned on May 16th).
The attack creates/modifies .htaccess files to redirect site visitors that come from major search engines and popular websites (e.g. Twitter, Facebook, Wikipedia, Flickr, Ebay, etc) to scareware sites that aggressively push fake anti-virus software. The redirects also occur if visitors request unexisting pages or pages that produce server errors.
This .htaccess conditional redirect approach is nothing new. It has been actively exploited by hackers for at least couple of years (and Unmask Parasites does a good job of detecting such redirects). And while the .htaccess code in this particular case has some new features (maybe more about it next time), it isn’t the most interesting thing about this attack.
Continue »»
Tweet Week: March 29 – April 4, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
security patches, SpyEye vs. Zeus, Black-hat SEO, Google vs phishing … »»
Why is WordPress 2.8.2 a Critical Update?
WordPress has just released a security update.
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site
Unfortunately, the official blog didn’t mention that this upgrade is actually critical and why you should update ASAP. Let me explain this.
Continue »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
