
Hack Attack Hits 10,000 Web Sites: Infected sites feed exploits to visitors

May 12th, 2008 | No Comments | Posted in News and Announcements

/* Source :- Gregg Keizer, Computerworld */

A large-scale hack of legitimate Web sites to infect visitors’ PCs is much more massive than first thought, researchers said Friday. At least 10,000 sites have been compromised, and have hijacked unpatched systems that steered to their URLs.

On Monday, Mary Landesman, a senior security researcher at ScanSafe Inc., said that she had uncovered hundreds of sites which had been hacked and were feeding exploits to visitors. Friday, Don Jackson, a senior researcher with Atlanta-based SecureWorks Inc., said the number was considerably larger.

According to ScanSafe’s data, approximately 10,000 sites hosted on Linux servers running Apache, the popular open-source Web server software, have been hacked, most likely with purloined log-in credentials. Those servers have been infected with a pair of files that generate constantly-changing malicious JavaScript. When visitors reach the hacked site, the script calls up an exploit cocktail that includes attack code targeting recent QuickTime vulnerabilities, the long-running Windows MDAC bug, and even a fixed flaw in Yahoo Messenger.

If the visitor’s PC is unpatched against any of the nine exploits Jackson listed, it’s infected with a new variant of Rbot, the notorious backdoor Trojan he called “a very nasty piece of software.” The end result: The PC is added to a botnet.

Jackson can’t prove how the sites were originally hacked, but all the evidence points to the theft of log-on credentials; one reason why he came to that conclusion is that hosts that have been cleaned of the infection — or in some cases even had Linux reinstalled — are quickly reinfected.

“There was no sign of brute forcing [of passwords] just prior to the infection,” said Jackson, “but attackers hosting companies are hit all the time with password attacks. It’s part of doing business.”

Earlier in the week, Landesman of ScanSafe drew a link between the security breach at U.K.-based Fasthosts Ltd., that country’s largest Web hosting vendor, and the site hacks, saying then that the domains ScanSafe had found infected had, or had recently had, a relationship with Fasthosts.

Fasthosts denied such a cause-and-effect, and cited what it called “technical discrepancies” with Landesman’s claims, but said it was investigating nonetheless.

Friday, Landesman said more data during the week had made her change her mind about the link to Fasthosts. “There are a great deal more of these [compromised] sites than earlier,” she said Friday. “There are a number of them that can be traced to Fasthosts, but not all of them do.”

Like Jackson, Landesman remained convinced that the hacks were possible because of stolen log-on usernames and passwords. “From everything we have it does point to some kind of compromise of usernames and passwords,” she said. “My theory remains that the eventual source of the compromise is going to be a fairly finite number [of hosting companies].”

Jackson stressed that while the site hacks were done sans a true vulnerability, the Apache feature used by the hackers — “dynamic module loading” — is little known by most site administrators, making it extra difficult for all infected sites to cleanse themselves.

More to the point, said Jackson, administrators must change every password on the infected server; failing to do so has led to quick reinfections on some hosts. “All passwords must be changed,” he said, “not just FTP and Cpanel passwords.” There’s some evidence, he said, that other passwords besides those for FTP and Cpanel — a popular server control panel program — have been used to access the hacked sites.

Other clues led Jackson to speculate that the attackers are not the usual cyber criminals based in Russia or China, but are likely from North America or western Europe. The code for the hacking and file upload tools lacks any comments written in Russian or Chinese, which is normally the case when an attack originates in Russia or China. Instead, the comments and code snippets are in English only. “Almost all the hacking business in western Europe is done in English,” Jackson said, mentioning Germany specifically.

Users can protect themselves from attack by making sure all software on their systems is patched and that their security software signatures are up-to-date. Web site administrators, on the other hand, should disable dynamic loading in their Apache module configurations.
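Where dynamic loading cannot be switched off entirely, an administrator can at least check which modules a server is configured to load. The following is an added example, not part of the article: it compares the `LoadModule` directives in a configuration against a known-good baseline. The sample configuration, the module names and the baseline are constructed for illustration.

```python
import re

# Constructed sample configuration; identifiers and paths are illustrative only.
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
LoadModule rewrite_module modules/mod_rewrite.so
  loadmodule ssl_module /opt/extra/mod_ssl.so
# LoadModule status_module modules/mod_status.so
LoadModule example_unknown_module /tmp/.cache/mod_example.so
LoadModule dir_module \\
    modules/mod_dir.so
"""

# Hypothetical known-good baseline: module identifier -> expected file path.
BASELINE = {
    "rewrite_module": "modules/mod_rewrite.so",
    "ssl_module": "modules/mod_ssl.so",
    "dir_module": "modules/mod_dir.so",
}

# Directive names are case-insensitive; commented-out lines do not match.
LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None

def audit(text, baseline):
    """Return (line, identifier, path, reason) for each unexpected LoadModule.
    Files pulled in through Include directives are not followed here."""
    findings = []
    for lineno, line in logical_lines(text):
        m = LOADMODULE.match(line)
        if not m:
            continue
        ident, path = m.group(1), m.group(2).strip('"')
        if ident not in baseline:
            findings.append((lineno, ident, path, "not in baseline"))
        elif baseline[ident] != path:
            findings.append((lineno, ident, path, "path differs from baseline"))
    return findings
```

Running `audit(SAMPLE_CONF, BASELINE)` reports the relocated `ssl_module` and the module that is absent from the baseline, while the commented-out directive and the continued line are handled correctly.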

PayPal Phishing Page: BE CAREFUL

May 10th, 2008 | No Comments | Posted in News and Announcements

Hello guys, the amount of mail sent to PayPal users to hack their PayPal accounts has increased. Hackers send an email to PayPal users saying something like your account has been limited or your payment has been sent, so that you get tense and go to log in to your account using the link given in the email. I was shocked to see that the From address was support@paypal.com, and when I clicked on the link it took me to some other page which looks the same as the PayPal homepage. Then I investigated it and found that there are some applications available on the web with which we can send email to anyone from any address; we just need to enter the From and To addresses. So be careful: whenever you log in to your PayPal or any other account, check the URL in your address bar once to see whether it is the correct site or a phishing page.

Thank you..


Security Hackers

May 10th, 2008 | No Comments | Posted in Security

In computer security, a hacker is someone who concentrates on the security mechanisms of computers and networks. While the term includes those who attempt to strengthen such mechanisms, it is more often used by the mass media and popular culture to refer to those who seek access despite these security measures. That is, the media depicts the hacker as a villain. Still, parts of the subculture see their aim as correcting security problems and use the word in a positive sense. They operate under a code, the hacker ethic, which acknowledges that breaking into other people's computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally. The term therefore carries strong connotations that are favorable or unfavorable depending on the context.


Hacking In This Golden Era

May 9th, 2008 | No Comments | Posted in History Of Hacking and Hackers

In the past few years we have seen a major change in the world of cybercrime. The number of crimes has grown substantially, but that is not the whole story. Simply increasing the amount of money and the number of people that your organization throws at the problem is no longer enough to keep pace with the changes.

Four or five years ago, cybercriminals were generally young male nerds who did it for fun or as an experiment. They were not bent on profiting from their endeavours. They just wanted to impress their peers. They did not want to steal money or cause damage. Altering the logo on a web site was acceptable. Breaking the entire system and asking for money to bring it back to normal was never an option. Hacking was done to earn bragging rights and to boost egos.

The golden age of hackers has passed. Nowadays, e-crime is the domain of organized gangs, many of them from eastern Europe or China. They have just one motive. Gone is any desire to annoy site owners or cause mindless e-vandalism. Nowadays it is all about making money.


Black Hat Hacking

May 8th, 2008 | No Comments | Posted in Hacker Attitudes

Black hat hackers are those who break computer security without authorisation, or who use technology for terrorism or for stealing private information, as in credit card fraud, online account hacking, email ID hacking or any other hacking. This could mean taking control of a remote computer over a network, or software cracking.


White Hat Hackers

May 8th, 2008 | No Comments | Posted in Hacker Attitudes

An ethical hacker, otherwise known as a white hat, is a person who breaks security but does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to fix the security weaknesses they have discovered, though many reserve the implicit or explicit threat of public disclosure after a reasonable time as a prod to ensure a timely response from a corporate entity. The term white hat is also used to describe hackers who work to code more secure systems.


Server-Based Data Loss Prevention Systems

May 7th, 2008 | No Comments | Posted in Security

Such systems run on end-user workstations or servers in the organization. Like network-based systems, host-based systems can address internal as well as external communications, and can therefore be used to control the flow of data between groups or different types of users. They can also control e-mail and chat communications before they are stored in the corporate archive, so that a blocked communication will not be identified in a subsequent legal discovery situation.

Server-based systems have the advantage that they can monitor and control access to hardware (such as mobile devices with data storage capabilities) and in some cases can access information before it has been encrypted. Some server-based systems can also provide application controls to block attempted transmission of confidential information, and give immediate feedback to the user. They have the disadvantage that they need to be installed on every workstation in the network, and cannot be used on mobile devices or where they cannot be practically installed.


Network Data Loss Prevention

May 7th, 2008 | No Comments | Posted in Security

Network Data Loss Prevention systems are also referred to as gateway-based systems. These are generally dedicated hardware/software platforms, typically installed on the organization’s internet connection, that analyse network traffic to look for unauthorised information transmission. They have the advantage that they are simple to set up and offer a relatively low cost of ownership. Since decrypting network traffic at high speed is highly complex and hard (transmitted objects are broken into small parts, often encrypted, then mixed with other traffic), network-based systems commonly integrate with or include technologies to discover information ‘at rest’ while it is stored in file systems and databases. Analysing sensitive data at rest is far simpler and less time-consuming, thereby allowing greater levels of accuracy. Taking signatures of data identified at rest, and then looking for those signatures when information crosses the network boundary, is a formula favoured by almost all network system vendors to improve accuracy and to identify sensitive data that would otherwise be missed.
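The signature approach described above can be sketched as follows. This is an added example, not taken from the post or from any vendor's product: it fingerprints documents at rest as hashes of overlapping word windows, then counts how many of those hashes appear in an outbound message. The window size, threshold, file names and sample texts are all constructed assumptions.

```python
import hashlib
import re

K = 5  # words per window (assumed value)

def shingles(text, k=K):
    """Hash every run of k consecutive words after normalizing case/punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }

def build_index(documents):
    """At-rest pass: map each signature to the documents that contain it."""
    index = {}
    for name, text in documents.items():
        for h in shingles(text):
            index.setdefault(h, set()).add(name)
    return index

def inspect(payload, index, threshold=3):
    """Boundary pass: return {document: hits} for documents whose signatures
    occur at least `threshold` times in the outbound payload."""
    hits = {}
    for h in shingles(payload):
        for name in index.get(h, ()):
            hits[name] = hits.get(name, 0) + 1
    return {name: n for name, n in hits.items() if n >= threshold}

# Constructed sample data (hypothetical file names and contents).
AT_REST = {
    "merger-plan.txt": "The board approved the acquisition of Example Widgets "
                       "for forty million dollars, closing in the third quarter "
                       "pending regulatory review.",
    "lunch-menu.txt": "Soup of the day is tomato. Sandwiches are available "
                      "until two in the afternoon.",
}
INDEX = build_index(AT_REST)

LEAK = ("fyi -- the board APPROVED the acquisition of Example Widgets "
        "for forty million dollars, keep quiet")
BENIGN = "Can we move the meeting? The board room is booked for the afternoon."
```

Only the signatures need to be held at the gateway, and the match survives changes in case, punctuation and surrounding text, but not encryption of the payload.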


Security Measures For Large Scale Organizations

May 7th, 2008 | No Comments | Posted in Security

Hackers will try to hack the databases or systems of large-scale organizations for data which is really valuable. Here are the measures which large-scale organizations must take:

  • A secure firewall and proxy to keep uninvited people away.
  • Secure antivirus software and web security software.
  • For authentication, use passwords and change them periodically.
  • When using a wireless connection, use a password which cannot be guessed.
  • Exercise physical security precautions with employees.


Security Measures For Small Scale Organization

May 7th, 2008 | No Comments | Posted in Security

Small-scale organizations must keep their data safe, because hackers can misuse it. The simple and common measures to stay safe are listed below:

  • A fairly secure firewall.
  • Solid, secure antivirus software and web security software.
  • For authentication, use strong passwords and change them periodically.
  • When using a wireless connection, use a strong password.
  • Raise awareness of physical security among employees.
  • Optionally, use a network analyser or network monitor.
