|
|
|
57,000 Websites Compromised in Mass Attack, ScanSafe Reports
Share
By: Brian Prince
2009-08-24
Article Rating:  / 4
There are 2 user comments on this Security Hardware & IT Security Software story.
ScanSafe has reported a massive compromise impacting 57,000 legitimate sites. When users visit the infected Web pages, they are greeted with a truckload of password stealers and other Trojans.Security
firm ScanSafe has uncovered a campaign that has compromised more than 57,000
Websites in a bid to dump gallons of malware on users computers.
According
to ScanSafe, the sites are being infected with a malicious iFrame via
SQL injection. The iFrame in turn loads what ScanSafe Senior Security
Researcher Mary Landesman described as a potent Trojan cocktail consisting of backdoors,
password stealers and downloader on the compromised Web pages.
The iFrame points to an
intermediary exploit site that loads additional exploits and malware from up to
seven different malware domains.
Analysis of the malware
binaries indicates possible origin in China, Landesman told eWEEK. However,
SQL injection is a global problem, and certainly China is also a victim of these types of
attacks. Currently, ScanSafe is tracking a separate wave of compromises
involving SQL injection in which only Chinese Websites appear to be targeted.
There are about 70,000 compromised Websites in China resulting from those
attacks.
When ScanSafe first
reported the attack Friday, it noted that roughly 55,000 sites were impacted.
The victimized sites include feedzilla.com, latindiscover.com, and sites for
several charitable and nursing facilities.
The malware is installed
silently, Landesman said, and is currently directed at Windows PCs only.
Such mass compromises are
not uncommon. In June, Websense detected the so-called
Nine Ball compromise, which impacted more than 40,000 Websites. In
addition, ScanSafe uncovered a similar campaign earlier this year known as Gumblar.
|
|
�������x}ks8q�v1Ň^~DJɒlkcYZK7SJE1ErIʎg
/=hɏ${nM�@�n4�@'�?{{~$riOI1��%s�t;Dj{{?.G|o�S�/92ruoj셨�C�T!Vi�!_' Qys�{/�!�XM~�j4Lߵc2-rtȊ=yΰ
{�� /�\1r.bLѽ[�@?
*YNsD�ƖHAKd;D��&�3ýtXF?D���cr�:-
>gv��jvkR2j- ��
h��d�f1Sd�XI�/YTU9Bf9mN�MҺ�{~�Zv��l,a�R422V,]�&ȏwUY}Y4[ڍV�Yᳳ�a
��V|k!�-�~��-rG=����j���t$�4^�(xzn$7,7�MA��2t7Q[,r$�BZT,,� Q2o�F�f5B[m�zttċ01�h>s$zb@n�e�>i�l-d��
d{0JUA��Q(h<[\w\��q:�䰊cHx0ʢ+�xׄ̏F�A#�Bv
F+/�Z�FN�u.ŌHo!� >R1ikJ)S*ʯTL
ۏ8E$(TB"r'b"4
_���נ�)j34T
-rg�̮A�Ũ6?MZb^!Cz^�yѿ@^W+G%EU#��YQ�O{�=]M}퉧Cb�,<
���hLݑe�C��Pc5�":.Y#ػKm�9�hw:c�͇9NP�P>>
[i/=jOA�ّVzupt 4@qd3�Z悂`g�탲�~@�2���5�l}nKS�̹�
&3g�=9סvc_�W:!F)s'lW%ğ�=-~7 k��ON�n�'�XCa�Z{�~8`�!6�TfbZ'TMa�=ݝumZB`�u/ƤH~�1ԑq_*G2�w�:��쁄[E�:�yҁYa�$I%&�g$�c�8O7B�1fG�h!']0�<8SJ�KD�^'S4 :�#!�ZTC�ܛyd�v&GYqCc��>"9&珦�>.vn���#Wsn|"[(Htc㞎dg2�i�}PTՖ>�."�#��ۅ.8$�a�\<\eᆌ%�܀SiR���Թ^QӲjOQSbX!yF~ǵ�-�|�?]x>zZzK�$.5P/?ߏj0a#︪)a>�T��*{Yv3�Y"��zdè&3�t�0�&��M|���
ʳG'LhmՊuncA-u5rqBi`%8dV#ud
W;kaX#2c=w&A1:LJaPythш�r/b\҃�U��q��R`�U!`#@~>`8���C#k9!6qE�Ą��)qTc'K�U|͛:aX)TԒ�z,r!,h2N!p;�HG��LLYG4N�)O?\.[Eg`?TCW|yO�1�Jrb$V�4\)Uʹ�zC-L�
�pѓ�
H|E-l٣`�(�@0_d�0R)�U4�d��q<�œ{oF7419�lCL`?s_sɚB�y�K�C`�+�2L�pMg+�,Cr'c�C7}h�P{�E�gA�X79MZceg �MG��rr�
PR)&vh�'a*[whiQmB�Ħs9Y)ŔN yu�Ƞ=%tBE0=IY�'ƈ&H. 駡$�;��BzclA�gnMv.uϼ�KڝB$�p)ۖȦ���̗4.נ��F2���+�`-�>�Ӕ�#��3y-EQ-=V6y��۟
ᡁ�tH1��jn=�CqcrW�I""6q��i<8xjÞ8DMo�
�K{(S
�x�x�joP/[gKt0w��C>�d#ޓd=fι%�g�]D zv`N�sgs V�آx6c
�~U�
JUs&&��0c��e<ώNυ³bpi#�쒫/�kR<�5LN[0�x3�$T)@N��=1'oۨ{�.|q/="[3zxyu?qFγMɛN[*-Y@ouK/Koҭ{g;2CS��:"u��R
K1O&�$Z^VH,*sᔤ�}��xtK�M�=}�%3��Տk�^鴸 u\o�xzo�o=إ��<ߞ@�?��X}&
�~
}x@!z@TžVYjIu�/K\�-"Pn
\~Md--^RS>^_+��'�Vݯ=؞hS,(hGoRp8�/?Vүk4PKh��=�B�xSn|ڹcnO;&���l�/B5ӹiowhcY">(GjY97Z|Ntnn?&u�>RH��0mJCNS(o60eu.�]%=}ܔ&�Y_L��%;�3 *.f ܀)KB�+~�(�6��j�䇁�"c"� :;�=]��¹�j
MUH���T\�CAhɅӔ�JS5LĠc1@h#V>(�r_[3"V��*�/Rq)KMN�+e�%f$SRE!WHe%n!H;喴S."F"�Nh �xYG+'|6aH.;-/ZtDNn8~ ]~<^b1�?Ё(1闀�җuz�ͻ4jU(\r2y܃I*JZ)ѧZI>jG6
zY@v/bD˻3={��#��1�~P0$Z=ݮ�ʥb!2XI}<+TJQ�ʣ-ڡ�3a,1ũ�0� )$�E�ͼ�6�ЏL�kɻk
Uۖ9J/od @�5�D�
�ilpID�>b0z?>R��ZISJe\
B�W0
_*8 a
�kl�"WdK=:Bؑ]UER۲k�Ġx](�6m&�!,��P�v��>�ԲVC*��R|WBx%WBX%$$a�`(1V �UBZk_j!^H��+jX\y:='PK�G1lߜ�tǘsϦa�)qU�<�hfzsI�X.�!yE�< ��&P��{"�O�f��Ӿ"B*=�zIvd1 �+Af
cq$<|
HHHH~�GrIJ;c��KJŒ~r=?=5ȥ911IP4sg}��rΖiY?�7w�i�[۹1kȯL�YAnɭڋtˎ~Su+H�빲b@N����!�os/D�b^۱|Qx�5_#PRߙ��ٗ�7}E/}_Ҁ�DtZ�����FB`>�F��AhxC�m3x��ϥMH��nLŗR2��]vI7ahT�0�Rd h,LA?G/m8�m���0 F�4z !�t蜗J ;�s-�^c4�ٸ�Qn�R�G@(!�z��|���� �a��y�v!b��6mg�1xJM~cCT[Qۏ�C8u;�k[e۲+/ɭhv.%M�}htK�g�2Ll�w��x>tŜz�� $�0>4HtՆ c;20_b!Gڳo"t#-????ޏiJ{#n+>���{!MM@�ڷ`a
��@ !ؽ �GyC`_٦��mqmkbCTqQq/r1ƺ��m�w̛;T_�;s=>QϭŠ60v%/ǞX�tKQDž<`���C,��w% �� }��i�agk.U&}IpT3QewsߩЦY���_}K{;ϖMjQ��O�\YRaRېE9Э[҄.�lſ&2��2_Oe]Oms;2w:t�g"5�pԹngI�a%�+
;�mĨ)e$�Z��:j{;\t:mf4d߆�VJ_R��6�L���ş-N�~eRt�j�(U\�@m�=_dw'ţ2�k-('>ş{晊z8YWaȿ�D,X�= )5,@,�qa�ٕ�)ȁ.cֱ1�ʱ, <~ދ!"pˎZ4���uG�e9L任�}W�F=�%䅨�B?!,q']Es��-5F�ur&�oZ���aX_��1V>L1/p.$ޘD
P`
a"`a?(ĒAǎǣ ��/(/-Iy1|z�/s�To*7�B�M;)
mL1�M�%�>%KZk�V�YR:+Ȉz~f�]!1c⍱PA1-�Q�5(y �jDc0Z`>Rcy�|%ѳbfģ�\ϫ�ah=y�cr="v+c` /J�.�ԛ.≠D#7:S�[sÑ۷�?"n@3~v�mQ�Na)Wa,(;{⍓,$)]Ь�<`/5���?;)3 [G-t�M�s�TaݯuXD+(%\>~":��te_�=%U$d[ߪ4K$¨W+ ��\n�]0A�yIߥcSa�?R)!n%&*
<;s|�c6݊j
J��]0]�a7�E�R>٦G+1m�N&ƿB< E�MR�cL�W<00t+P̲jN�T?\OpY�+-�f�jEt
Mx4��t�)<�]С�ܛ�r@JoIg/4�? ��Pmʼܯ@'BQx��{o {#b2z�ބ�7�#�f;d�_!߰�VI�m{��RK�$y~ZXED���#��iuj}@~/U��Z}�dĂ�>8�&2�B�v7ť@أBg&F��ʱ#-A|���!/vQ^�=x9FI�n(�>kɹ�gMZfB~��0 <���RD�ps<3$ˈ�Ĩx�6tsZ�1;@NC#o�cz��C9 ��c_ZC@e-D�q掙xy��jt?k%|w
R=4Q:&�H�� o�I�~XPXP؞_�?pk2�'H0�^�i0s�s���Xg;(SK�o.2l?>wO�We~s�# s338g;.
9tT(ʁ2<�0t��mcr3�7Υi8Dx$�P!%�h$bzs£cc�o�zwf}��
=f�ٕa*h�ǻ7)1�;e[2Vq&JZ!
���9Iˑ ;�
Yw�É��_�Ч�V#�Lo`9j^39^:9nHiq
+rںi&kM/�ۣԜns|־jW\`$ǩ_K}m |Q)H�5UbvʂbW/�\�³�.Y.3�rxixɆ(a�h,.VuI��PJdَ-!j�bթ_7��W?F�z
uײ�ڲ�ڃϏПxu3�KM4�#Ca�9m�x9��0jIg p�ACзA�ЧA���g'?QF2�2/ "#o�w2ҡ2
*C~2�f�_���e�>�3��
2o�H_�3�J�>e )~7~�{7PMF77��$)c�z{8qz~="9H/j�R**_�yJ)YF�g賲���3Z7_0eй\�ϐ2sܾw2~2Ao�fr^!,.5=P�eϚk�OY[sݴ6�q ��
w�旤I��x]"&[JR-cENXE);sv<�q�sj��¾Ⱦ>w-�:6�H}wl��n]#=D(��s
je&o�~�uQ2K~|^Y;١!�[ԘrEޢ@�)�80ր�z�#�`��ۃkU�i]_/y}�j=YCPUd�T}s&pN!3Jح?1��FZ���g9�b~�F}ic}<�1@�E!zR};�=�v�yo8S0�uc8LCR%9w1EM+�+J9wWrD&0p��9r*CUUEV�_$`r�X��tF(�RyB�T|YW)u�8tCs艓<�KH�P5}"D+)��x�xmTEt��cdAVW��/���սD�3�Bq�
�hlأ{whQĩiSҀ�^����78uW�/�!�M�D��r&߲5<{O;ƻ�8��,dȲi7!cq;?��(l�ybb6Կc�rن29�$�]b�oM\-u�|²/h��h!je>�\nj�g��㶪'qA�h�/}іP�L,y1n]�N__n��X+ف$�6�k ӓ& d|�;n5h_׃,Q$KhD`9rj9�̀�u*}+AfY%Wҧ*�ףr�8�b:Q�+�'@m�U}y
I9%lXpus6�Jh}<���d<���^>!2!|
M�nn�.EXRx�/P#B3�Lql���D|8^`N�<"҂�}I�1�ۭǐk9L<�.M{]u7�\}'��L08٘8Xy�kģ���m1�"��17Gs
��SDo�ݓ����&ka�:��Ss~yB|x
n{I�f��`�:_�M�ZiȮz;&D~�H
)Gv��c�;s5&'#}Z�/]�Y�!~m'PTJF
h>�aאs�(�Q*QSXn�[� n#�"J]=oD]WE4xR
,�4���~n%b)�H*!�JHم_6)�B,v x&)�Zc
t"wR"Z*8l-<�>L'�<"�o
/^c*��SƮ%=HuvyvVn]��_�wɬ_ԷEY zɳm{ơ,i#O H,���W��H�RĢ+c>
&Z-
�9�X#=�v?l��'.ZV0� �"@2$̴u{̡.sH۱�Ә31ѐ8�wx>Z>SElD6x#e�n!"u6�0��<��=O`F@\�I4#
&;>sK*0=�e[W<�(`}u8�p�l}TY�j!t4Z<@ۦ�`�V݈=7QH'�{�yw���U5L_f4��sBqa[�=��`"meS
j6ΝUp=&
l!� Nm7[�樥Kі�f*n<{Ԋ MGO0�yeѵh_�q�Y?[�HI�5�"`V<�3ʕb�D,\i�.936lʸ-�׀/��H�v"��].�,ϱ�{��U�b�zG �;uf5�..wm?h�wX���uLq�X�.��OԣANLWЅc~�Ohb�x��賩w�i��,#gyA��n�#Ԣ'3�V�v=X�mr?s,s�]�al�Dkqb�?c�>Ÿ�3a"
E3M�o��V/|g�ȳ�H`F,�~8"Xo+��%��m�'�
k�Q ��ϦN ��wP�E$jB3�t3m�bWT.xrt<�XȇG ��T�;'64>ډd�##f���(4'=kh`�܅Q�_�Xq�K�>_V
˛_lwYj ;|)D=C�08ἋpI\�']HJTqUQ|j_�$7�,,}|SO�ݏWM)h,=P4RDu� $��|zپ:Ofī
]_e/�,@��Wy�K{5JH�ydM+�cQd:6pzZr���[]vɮ��G'e1RU>\J�RUkM$5w~f\N$GZ܄c>�BKFlx�76�!$Pk{�n ��
|
Security Hardware & IT Security Software 
