
Monday, December 6, 2010

Polymorphic injection attack targets WordPress blogs.

Security researchers have identified a sophisticated mass injection attack that uses polymorphic obfuscation and has so far targeted WordPress blogs at a U.S.-based hosting provider. According to a principal virus researcher at Sophos, the attacks began in the middle of November, and they all seem to affect Web sites running the popular blogging platform. A successful infection results in one or several .php files being dropped on the Web server in multiple WordPress directories. Despite the .php extension, these rogue files actually contain malicious JavaScript code obfuscated with a technique that makes every one unique. In the security world this is known as polymorphic code, and it is used to evade antivirus software and intrusion detection systems. The second step of the attack is to inject code into legitimate .js files used by WordPress, like the jQuery library, with the purpose of loading the .php files along with them. Finally, when the obfuscated JavaScript makes it onto the pages parsed by visitors' browsers, it generates a hidden element. This element is meant to load malicious content from remote servers in an attempt to infect computers with malware.

Source: http://news.softpedia.com/news/Polymorphic-Injection-Attack-Targets-%20WordPress-Blogs-169953.shtml
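Because every dropped file is obfuscated differently, content signatures are a poor fit, but the two structural traits described above can still be checked. The following is an added example, not code from the original report or from Sophos: it flags .php files that contain no PHP open tag and .js files that name a .php path. Both heuristics, the function names and the sample files are assumptions of this example, and legitimate scripts that call PHP endpoints will also be flagged for review.

```python
import re
import tempfile
from pathlib import Path

# Heuristics (assumptions of this example, not signatures from the report).
PHP_OPEN_TAG = re.compile(rb"<\?(php|=|\s)", re.IGNORECASE)
PHP_REFERENCE = re.compile(rb"[\w./-]+\.php\b")

def scan_tree(root):
    """Return sorted (relative_path, reason) findings for .php and .js files."""
    root = Path(root)
    findings = set()
    for path in root.rglob("*"):
        suffix = path.suffix.lower()
        if not path.is_file() or suffix not in (".php", ".js"):
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if suffix == ".php":
            # A non-empty .php file with no PHP open tag is not PHP at all.
            if data.strip() and not PHP_OPEN_TAG.search(data):
                findings.add((rel, "php-file-without-php-open-tag"))
        else:
            # A .php path named inside a library file such as jQuery deserves review.
            for match in PHP_REFERENCE.finditer(data):
                findings.add((rel, "js-references-php:" + match.group(0).decode()))
    return sorted(findings)

def run_sample():
    """Scan a constructed four-file tree (sample data, not from the incident)."""
    files = {
        "wp-login.php": b"<?php\necho 'ok';\n",
        "wp-includes/js/clean.js": b"function add(a, b) { return a + b; }\n",
        "wp-includes/js/jquery/jquery.js":
            b"/* library */\nvar ref = '/wp-includes/js/x1.php';\n",
        "wp-includes/js/x1.php": b"var k = 'constructed placeholder';\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            target = Path(tmp) / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, reason in run_sample():
        print(rel, reason)
```

Comparing the flagged .js files against a clean copy of the same WordPress release shows whether the reference was added after installation.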

Beware! New Facebook Scam

Murder video scam circulating on Facebook. Facebook scammers are luring users into signing up for premium rate services with promises of a video showing a guy killing his roommate after playing Black Ops. The new spam messages, which, according to security researchers from GFI Software, are rapidly spreading on the social networking site, read: "TODAY ONE GUY KILLED HER ROOM MATE WHILE PLAYING A BLACK OPS GAME IN NETWORK. LIVE DEATH VIDEO CAUGHT ON CAMERA" Black Ops refers to "Call of Duty: Black Ops," the seventh installment in the Call of Duty game series, which was just released. This, of course, is just a lure and there is no video of any killing. Clicking on the picture as instructed prompts a permissions request dialog from a rogue Facebook app called "Shock news." The application wants access to post on people's walls. Allowing it to do this will cause users to unknowingly send spam from their accounts. The app prompt is followed by a so-called "human authentication" test, which requires people to take an IQ quiz that tries to sign them up for a $9.99 per month SMS service.


Source: http://news.softpedia.com/news/Murder-Video-Scam-Circulating-on-Facebook-169699.shtml