malware


75,000 Computer Systems Hacked Worldwide


This is considered one of the largest and most sophisticated cyber attacks ever reported. Over 75,000 computers in roughly 2,500 companies around the world have been compromised, and the attack is believed to have started as early as 2008.

The intrusion targeted credit-card transaction details, emails and corporate data at companies in the health-care and information-technology industries; even computer networks at Google were not spared. Companies in 196 countries were hit over the past year. The criminal groups behind the attack are now targeting countries such as China and Russia.



eval(base64_decode & eval(unescape Hack in WordPress


Well, my day ended yesterday with a shock, and the whole of today was spent getting back to normal. Yes, SEO-Mind.com was hacked. I am not sure how it was hacked, but a whole bunch of code was injected at the top of each and every file on my server. That would be 6,000+! Yes, the number is right!

When I opened any PHP file, I found code starting like the one below at the top of the source:

This in turn loaded an iframe, which was added to the footer of every page and downloaded malware to visitors' computers. On decoding the Base64, I found that it contained another obfuscated layer using eval(unescape(...)). This created an iframe as follows:

document.write(‘‘);

Now, the problem was, “How do I remove this from the 6,000-odd pages on the server?” Not just WordPress; the Joomla site residing in the same server location was also infected. This means the malware code had been injected into every PHP file on the server. It had not left a single PHP file uninfected.

After racking my brain over different approaches, here is what I finally did:
1. Took a backup of the database.
2. Took a backup of the wp-content/upload folder.
3. Downloaded the plugins and themes folders into Dreamweaver and removed the malicious code using find and replace. This was around 1,500 files. I had to do this because I had customized most of the plugins and themes, and I hate redoing that for the dozen plugins and themes on my WordPress; in fact, I have forgotten what I did, as it was years ago.
4. Installed a fresh copy of WordPress.
5. Linked the database to it. [Please be aware that some WordPress users have reported their database being hacked too. Thank God it did not happen to me!]
6. Dropped the upload folder back in place, as it only contains images and is not prone to hacks or malicious code.
7. Dropped the cleaned plugins and themes folders into their respective locations.
8. Hurray! It started working fine without the code. I have yet to clean up the other sites, but WordPress is working great, and faster too!
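Doing the find-and-replace by hand over thousands of files is slow and easy to get wrong, so here is an added example (editor's code, not from the original post) of the same cleanup as a script. It assumes the injected prefix has the common shape `<?php eval(base64_decode("...")); ?>` prepended to each file and that the decoded PHP echoes JavaScript of the form `eval(unescape("..."))`; the sample infected files, the `example.invalid` iframe URL and the file names in `demo()` are constructed for the demonstration and are not the real payload from the post.

```python
r"""Find PHP files that start with an injected eval(base64_decode('...')) line,
decode the payload far enough to read the iframe it writes, and strip it.

Added example, not code from the original post. Assumes the injected prefix
looks like <?php eval(base64_decode("...")); ?> prepended to each file, and that
the decoded PHP echoes JavaScript of the form eval(unescape("...")).
"""
import base64
import re
import tempfile
from pathlib import Path

# Injected prefix at the very top of the file (optional /* */ comment after the open tag).
INJECT_RE = re.compile(
    r"""^<\?php\s*(?:/\*.*?\*/\s*)?eval\(\s*base64_decode\(\s*['"]([A-Za-z0-9+/=]+)['"]\s*\)\s*\)\s*;\s*\?>[ \t]*\r?\n?""",
    re.DOTALL,
)
# Inner obfuscation layer: eval(unescape("%3C%69...")) inside the echoed JavaScript.
UNESCAPE_RE = re.compile(r"""eval\(\s*unescape\(\s*['"]([^'"]+)['"]\s*\)\s*\)""")


def js_unescape(s: str) -> str:
    """Reverse JavaScript's unescape(): %uXXXX -> UTF-16 unit, %XX -> byte. String work only, nothing is evaluated."""
    s = re.sub(r"%u([0-9A-Fa-f]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)


def find_injection(src: str):
    """Return the base64 blob if src begins with the injected eval line, else None."""
    m = INJECT_RE.match(src)
    return m.group(1) if m else None


def decode_payload(b64: str) -> list:
    """Peel the base64 layer, then every nested eval(unescape()) layer, returning each stage
    as text so the iframe destination can be read and blocked without ever executing it."""
    stages = [base64.b64decode(b64).decode("latin-1")]
    while True:
        m = UNESCAPE_RE.search(stages[-1])
        if not m:
            return stages
        stages.append(js_unescape(m.group(1)))


def clean_file(path: Path) -> bool:
    """Strip the injected prefix from one file, keeping a .infected copy for forensics."""
    raw = path.read_bytes()
    src = raw.decode("latin-1")  # latin-1 round-trips any byte sequence unchanged
    m = INJECT_RE.match(src)
    if not m:
        return False
    path.with_name(path.name + ".infected").write_bytes(raw)
    path.write_bytes(src[m.end():].encode("latin-1"))
    return True


def clean_tree(root) -> dict:
    """Walk every *.php under root; report what was cleaned and what the payload(s) decode to."""
    root = Path(root)
    report = {"scanned": 0, "cleaned": [], "payloads": {}}
    for p in sorted(root.rglob("*.php")):
        report["scanned"] += 1
        b64 = find_injection(p.read_bytes().decode("latin-1"))
        if b64 is None:
            continue
        report["payloads"].setdefault(b64, decode_payload(b64))
        if clean_file(p):
            report["cleaned"].append(p.relative_to(root).as_posix())
    return report


def build_sample_injection() -> str:
    """Constructed stand-in for the injected line (the post's real payload is not reproduced)."""
    js = 'document.write(\'<iframe src="http://example.invalid/in.cgi" width=1 height=1></iframe>\');'
    escaped = "".join("%%%02X" % ord(c) for c in js)  # exactly what unescape() reverses
    php = 'echo \'<script>eval(unescape("%s"))</script>\';' % escaped
    return '<?php eval(base64_decode("%s")); ?>\n' % base64.b64encode(php.encode()).decode()


def demo() -> dict:
    """Build a small infected tree in a temp dir (constructed data), clean it, return what happened."""
    root = Path(tempfile.mkdtemp())
    (root / "wp-config.php").write_text(build_sample_injection() + "<?php\ndefine('DB_NAME', 'wp');\n")
    (root / "sub").mkdir()
    (root / "sub" / "index.php").write_text(build_sample_injection() + "<?php echo 'ok'; ?>\n")
    (root / "clean.php").write_text("<?php\necho 'never touched';\n")
    report = clean_tree(root)
    report["wp_config_after"] = (root / "wp-config.php").read_text()
    report["backup_kept"] = (root / "wp-config.php.infected").exists()
    return report


if __name__ == "__main__":
    r = demo()
    print(f"scanned {r['scanned']} files, cleaned {r['cleaned']}")
    for stages in r["payloads"].values():
        print("payload decodes to:", stages[-1])
```

Two practical notes on the design: the decoder only ever turns the payload back into text, so the attacker's JavaScript is read, never run; and the walk should include wp-content/uploads as well as the code directories, because a PHP file dropped among the images is a common backdoor and is how a site cleaned this way gets reinfected.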

The next immediate step I took was to tighten my WordPress security.

Though a hack can happen through various channels, the majority of hacks can be avoided with easy precautions. I am writing an article on how a hack like this can be avoided by following some simple procedures, and I will post it soon. Anyone who had a bad day or week due to this hack, please comment on how you solved it! I should get a peaceful sleep tonight!



How to Remove Antivirus Pro 2009


Threat Level: Low
Threat Type: Rogue Program

Antivirus Pro 2009 is a menace that has been infecting computers worldwide. It is a fake anti-spyware program, similar to AntiSpywareXP 2009, that mostly affects Windows XP systems. It gets itself installed by displaying fake security alerts and fake warning messages.

What does Antivirus Pro 2009 do when installed?

Once installed, this fake anti-spyware configures itself the next time you restart or log in. During that configuration it creates a number of bogus malware and spyware files. These files are harmless in themselves; they exist so that Antivirus Pro 2009 can "detect" them and claim that your system is riddled with malware and spyware. It then pushes you to purchase the product in order to remove them.



What is a Rogue Software – Detection & Removal


Rogue software (rogue security software) is fake security software that installs malware on the computer it infects and then displays fake warnings prompting the user to purchase the software in order to remove that malware.

These fake security programs usually arrive via a Trojan horse that downloads a "trial version" of the software, or they plant fake malware files and tamper with installed programs.

Infection Symptoms

Since the main goal is to make the user buy the software, it starts issuing fake alerts designed to scare the user into purchasing. A typical warning window states, “WARNING! Your computer is infected with Spyware/Adware/Viruses! Click OK to Remove” or something similar. No matter what the user chooses, the software gets installed.

Rogue software can be detected with reputable anti-spyware tools such as AVG Anti-Virus, Ad-Aware SE and avast!, to name a few. Still, completely removing it usually also requires manual removal.

Manual removal involves deleting its registry entries, deleting its files and folders, and stopping its autorun (startup) entries.

List of Top Rogue Softwares:

A list of known rogue programs is given below for reference:

  • Advanced Cleaner
  • AlfaCleaner
  • AntiSpyCheck 2.1
  • AntiSpyStorm
  • AntiSpywareExpert
  • AntiSpywareMaster
  • AntiSpywareSuite
  • AntiSpyware Shield
  • Antivermins
  • Antivirgear
  • Antivirus 2008
  • Antivirus 2009
  • Antivirus pro 2009
  • AntiVirus Gold
  • Antivirus Master
  • Antivirus XP 2008
  • Avatod Antispyware 8.0
  • Awola
  • Brave Sentry
  • BestsellerAntivirus
  • Cleanator
  • ContraVirus
  • Doctor Antivirus
  • DriveCleaner
  • Disk Knight
  • EasySpywareCleaner
  • Errorsafe
  • free-viruscan.com
  • IE Antivirus
  • IEDefender
  • InfeStop
  • Internet Antivirus
  • KVMSecure
  • MacSweeper
  • MalCrush 3.7
  • MalwareCore
  • MalwareAlarm
  • Malware Bell 3.2
  • MS Antivirus
  • PCSecureSystem
  • PC Antispy
  • PC Clean Pro
  • PC SpeedScan Pro
  • PestTrap
  • Perfect Cleaner
  • PersonalAntiSpy Free
  • PAL Spyware Remover
  • PCPrivacytool
  • PC-Antispyware
  • PSGuard
  • Registry Great
  • Saliar
  • SecurePCCleaner
  • Security toolbar 7.1
  • Smart Antivirus 2008
  • Smart Antivirus 2009
  • SpyAxe
  • Spy Away
  • SpyCrush
  • Spydawn
  • SpyGuarder
  • SpyHeal
  • Spylocked
  • SpySheriff
  • SpySpotter
  • Spyware Cleaner
  • Spyware Quake
  • Spyware Stormer
  • SpywareStrike
  • Spy-Rid
  • SpyWiper
  • System anti virus 2008
  • System Live Protect
  • SystemDoctor
  • Total Secure 2009
  • TrustedAntivirus
  • TheSpyBot
  • UltimateCleaner
  • VirusHeat
  • Virus Isolator
  • VirusProtectPro
  • VirusRemover2008
  • VirusRanger
  • Virus Response Lab 2009
  • Virus Trigger
  • Vista Antivirus 2008
  • WinAntiVirus Pro 2006
  • WinDefender
  • WinFixer
  • WinSpywareProtect
  • WorldAntiSpy
  • XP Antivirus
  • XP AntiSpyware 2009
  • Zinaps AntiSpyware 2008



Internet Explorer Unsafe for 284 days in 2006


Maybe I should have posted this a year ago.

A report by Brian Krebs in the Washington Post shows that Internet Explorer was unsafe, with exploit code for a known, unpatched critical flaw publicly available, for 284 days in 2006. By contrast, Mozilla Firefox was in that state for just nine days of the year.

The size of that gap shows that Internet Explorer still cannot be regarded as reliable, even though it has the largest market share, at roughly 80 percent.

Krebs's detailed tracking began in 2005. He contacted nearly all the researchers who had reported critical flaws in Microsoft products and cross-checked the dates on which each flaw was disclosed or first exploited against the dates Microsoft shipped a fix. The result showed that online criminals had used unpatched flaws in Microsoft's browser for their own gain throughout the year.

Key: the original chart marked each entry as either publicly disclosed or actively exploited; that colour coding does not survive in text, so the exploited-in-the-wild entries are called out in words below.

December 2005
  Dec. 27: MS06-001 (CVE-2005-4560) – 0day in Windows Metafile Format (WMF). Patch issued Jan. 5.
January 2006
  Jan. 7: MS06-004 (CVE-2006-0020) – Proof of concept for Windows Metafile Format flaw. Patch issued Feb. 14.
February 2006: no new entry.
March 2006
  Mar. 16: MS06-013 (CVE-2006-1245) – Proof of concept exploit for Internet Explorer 6.0.2900.2180 (mshtml.dll). Patch issued Apr. 11.
  Mar. 22: MS06-013 (CVE-2006-1359) – Proof of concept exploit for Internet Explorer 6 and 7 Beta 2. Patch issued Apr. 11.
April 2006: no new entry.
May 2006
  May 31: MS06-043 (CVE-2006-2766) – Proof of concept exploit for the MHTML parsing vulnerability in IE. Patch issued Aug. 8.
June 2006: no new entry.
July 2006
  July 18: CVE-2006-3730 – Proof of concept code for the WebViewFolderIcon setSlice() flaw in Internet Explorer 6 on Windows XP SP2 (patched Oct. 10 in MS06-057).
August 2006
  Aug. 27: MS06-067 (CVE-2006-4446) – Proof of concept exploit for Internet Explorer 6.0 SP1 (DirectAnimation). Patch issued Nov. 14.
September 2006
  Sept. 13: MS06-067 (CVE-2006-4777) – 0day flaw in Internet Explorer 6.0 SP1 (daxctle.ocx). Patch issued Nov. 14.
  Sept. 18: MS06-055 (CVE-2006-4868) – 0day in the Vector Markup Language rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0, exploited in the wild. Patch issued Sept. 26.
  Sept. 26: setSlice() flaw (CVE-2006-3730) exploited in the wild. Patch issued Oct. 10 (MS06-057).
October 2006
  Oct. 24: CVE-2006-5559 – ADODB.Connection 2.7 and 2.8 ActiveX control objects in Internet Explorer 6.0. Unpatched at the time the chart was compiled.
November 2006
  Nov. 3: MS06-071 (CVE-2006-5745) – 0day in an IE-related component (not installed by default on Windows). Patched Nov. 14.
December 2006: no new entry.

Compiled by Brian Krebs, washingtonpost.com – January 4, 2007

The first major episode was the work of organized criminals who compromised websites and planted code that used the WMF flaw at the top of the timeline to install password-stealing spyware on systems browsing with Internet Explorer. Microsoft did not treat the attack seriously at first, and within a few days thousands of customers had already been hit by the spyware. Because Microsoft held off, security experts produced a third-party patch to close the hole until Microsoft finally shipped its own fix.

Again in September, attackers used an unpatched flaw in non-Microsoft web server software to plant malicious code on a huge number of legitimate websites. A Windows user merely opening one of those sites in Internet Explorer could be infected through the September zero-days in the timeline above. Once again Microsoft was slow to treat this as the serious threat it was, and third-party patches were the only protection until Microsoft issued its official update many days later.

With more browsers coming onto the market, it is time Microsoft recognised the importance of security, stayed alert and responded more promptly than it has so far.


