BZU PAGES: Find Presentations, Reports, Student's Assignments and Daily Discussion; Bahauddin Zakariya University Multan

#1 | BSIT07-01 | 21-01-2008, 09:01 PM
Linux attack worse than feared

Security researchers claim that a mass attack of websites is much worse than was feared. According to ScanSafe, the attack has affected at least 10,000 sites.

When the attack was first publicised, last Monday, Mary Landesman, a senior security researcher at ScanSafe, said that she had uncovered hundreds of sites which had been hacked and were feeding exploits to visitors. However, Don Jackson, a senior researcher with Atlanta-based SecureWorks, claimed that the real number was considerably larger.

According to ScanSafe's data, approximately 10,000 sites hosted on Linux servers running Apache have been hacked, most likely with purloined log-in credentials. Those servers have been infected with a pair of files that generate constantly-changing malicious JavaScript. When visitors reach the hacked site, the script calls up an exploit cocktail that includes attack code targeting recent QuickTime vulnerabilities, the long-running Windows MDAC bug, and even a fixed flaw in Yahoo Messenger.

If the visitor's PC is unpatched against any of the nine exploits Jackson listed, it's infected with a new variant of Rbot, the notorious backdoor Trojan he called "a very nasty piece of software." The end result: The PC is added to a botnet.

Jackson can't prove how the sites were originally hacked, but all the evidence points to the theft of log-on credentials; one reason why he came to that conclusion is that hosts that have been cleaned of the infection - or in some cases even had Linux reinstalled - are quickly reinfected.

"There was no sign of brute forcing [of passwords] just prior to the infection," said Jackson, "but hosting companies are hit all the time with password attacks. It's part of doing business."

Last week, ScanSafe's Landesman drew a link between the security breach at UK-based Fasthosts and the site hacks, saying then that the domains ScanSafe had found infected had, or had recently had, a relationship with Fasthosts.

Fasthosts denied such a cause-and-effect, and cited what it called "technical discrepancies" with Landesman's claims, but said it was investigating nonetheless.

Friday, Landesman said more data during the week had made her change her mind about the link to Fasthosts. "There are a great deal more of these [compromised] sites than earlier," she said. "There are a number of them that can be traced to Fasthosts, but not all of them do."

Like Jackson, Landesman remained convinced that the hacks were possible because of stolen log-on usernames and passwords. "From everything we have it does point to some kind of compromise of usernames and passwords," she said. "My theory remains that the eventual source of the compromise is going to be a fairly finite number [of hosting companies]."

Jackson stressed that while the site hacks were done sans a true vulnerability, the Apache feature used by the hackers - "dynamic module loading" - is little known by most site administrators, making it extra difficult for all infected sites to cleanse themselves.

More to the point, said Jackson, administrators must change every password on the infected server; failing to do so has led to quick reinfections on some hosts. "All passwords must be changed," he said, "not just FTP and Cpanel passwords." There's some evidence, he said, that other passwords besides those for FTP and Cpanel - a popular server control panel program - have been used to access the hacked sites.

Other clues led Jackson to speculate that the attackers are not the usual cyber criminals based in Russia or China, but are likely from North America or western Europe. The code for the hacking and file upload tools lacks any comments written in Russian or Chinese, which is normally the case when an attack originates in Russia or China. Instead, the comments and code snippets are in English only. "Almost all the hacking business in western Europe is done in English," Jackson said, mentioning Germany specifically.

Users can protect themselves from attack by making sure all software on their systems is patched and that their security software signatures are up-to-date. Website administrators, on the other hand, should disable dynamic loading in their Apache module configurations.
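An added example, not part of the quoted article or of this thread: one way an administrator could review which shared objects an Apache configuration loads dynamically, assuming the "dynamic module loading" feature mentioned above corresponds to Apache's `LoadModule` and `LoadFile` directives. The baseline, the module directories and the sample configuration are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed baseline for a hypothetical site: modules the admin knowingly enabled.
BASELINE = frozenset({"mime_module", "dir_module", "rewrite_module"})
# Assumed module directories; adjust to the distribution in use.
MODULE_DIRS = frozenset({"modules", "/usr/lib/apache2/modules"})

# Constructed sample configuration (not taken from any affected server).
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
LoadModule mime_module modules/mod_mime.so
# LoadModule status_module modules/mod_status.so
LoadModule dir_module modules/mod_dir.so
  loadmodule extra_module /tmp/.cache/mod_extra.so
LoadFile /var/tmp/libhelper.so
LoadModule rewrite_module modules/mod_rewrite.so
"""

# Directive names are case-insensitive; commented-out lines never match.
DIRECTIVE = re.compile(r"^\s*(LoadModule|LoadFile)\s+(.+)$", re.IGNORECASE)


def audit(conf_text, baseline=BASELINE, module_dirs=MODULE_DIRS):
    """Return (line_number, code, detail) for every load directive needing review."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        kind = match.group(1).lower()
        args = [a.strip('"') for a in match.group(2).split()]
        if kind == "loadfile":
            # LoadFile links in arbitrary object code, so always surface it.
            findings += [(lineno, "loadfile", path) for path in args]
        elif len(args) != 2:
            findings.append((lineno, "malformed", line.strip()))
        else:
            name, path = args
            if name not in baseline:
                findings.append((lineno, "unexpected-module", name))
            if str(PurePosixPath(path).parent) not in module_dirs:
                findings.append((lineno, "unusual-path", path))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in audit(SAMPLE_CONF):
        print(f"line {lineno}: {code}: {detail}")
```

Passing `baseline=frozenset()` treats every `LoadModule` line as a finding, which matches a policy of having dynamic loading disabled entirely.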
#2 | .BZU. | 22-01-2008, 09:26 AM


 
Join Date: Sep 2007
Location: near Govt College of Science Multan Pakistan
Posts: 9,693
Contact Number: Removed
Program / Discipline: BSIT
Class Roll Number: 07-15
.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute.BZU. has a reputation beyond repute
Re: Linux attack worse than feared

Ahmad (wailedhero), now you know...
Yes, you have even written it in your signature, haven't you:
Quote:
I love LINUX! Curse on Windows!
Now you know...
I think this same attack must have hit the youngspiders.com server too, which is why they had to change servers...
And about 167 sites went down all at once...
Well, what more can I say...
Best of Luck Linux..
& UBUNTU too... (Because today, insha Allah, the result will be announced...)