malware

Compromised Data Quality by Malware

by Eric C
According to a PCWorld article entitled “Symantec warns of malware targeting SQL databases,” malware has been spreading and infecting SQL databases around the world. Although not a serious threat, it could destroy data quality within the database. Originally targeted at Iran, the malware, called W32.Narilam, looks for Microsoft SQL databases on the infected server. If Microsoft SQL is found, the malware then finds specific keywords from a file, such as account and financial bond, and then replaces those keywords with random characters. Database administrators who do not make frequent backups of the database will have corrupted data and a loss of data integrity, which could prove disastrous for customers’ data, especially in a banking database.

AJAX Delivering Malware

by Mike Y
Security researchers found that malware was being separated into different chunks to get through firewalls and stay undetected by antivirus programs. The researchers from Web filtering vendor M86 Security said “the attack was observed on a currently running server located in China, which is serving malware.” Because the malware is in chunks of code, antivirus software and firewalls have a hard time detecting signatures of malware. AJAX is used to “write generic attack pages which looks benign,” but it becomes malicious when the pieces of code are assembled and the dynamic content is loaded. This is when antivirus software can detect virus signatures, but it is not foolproof.

Possible AJAX Malware Threats

by Alexander H
Security has always been a major issue for many. Unfortunately, with recent software advancements, it has become even more difficult to maintain and secure potential threats to computers. According to M86 Security, a Web filtering vendor, recent exploitation attacks have been found using AJAX (Asynchronous JavaScript and XML). “These Web exploitation attacks use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems” (Constantin). The attack initially begins on the page that contains the harmful piece of JavaScript code that resembles those found on legitimate AJAX-using sites. The piece of code retrieves the payload in multiple chunks and assembles it back together on the client before executing. This technique makes it difficult for security programs to detect the attack due to the exploited vulnerability. Malware authors tend to use AJAX due to its ability to write generic attack pages, which often look like normal pages. It is recommended that users stay away from sites or web resources they are not familiar with to avoid any potential threat.

More than 20,000 websites are likely infected with malware

by Taylor G
Google warned this week that as many as 20,000 websites could have been hacked and injected with JavaScript redirect malware. Google sent out a message this week that said, “Specifically, we think that JavaScript has been injected into your site by a third party and may be used to redirect users to malicious sites.” They warned owners to look for files containing “eval(function(p,a,c,k,e,r)”. Apparently the code can be placed in HTML, JavaScript, or even PHP files. The malware could’ve even affected the owner’s configuration files. Google wanted to make it clear that this malware should be removed to fix the vulnerability to protect site visitors, as well as updating this software and maintaining contact with their web hosts for technical support. This isn’t the first time Google has had an anti-malware campaign; in July Google excluded more than 11 million URLs from a specific domain, “co.cc”, because they were said to be used by cybercriminals to spread antivirus programs and conduct drive-by attacks.

The Google Warning

by Ermie C
This article is about how Google has warned over 20,000 websites that they could be infected by malware. They suggested that some pages may be hacked with certain JavaScript that will lead their users to pages that install malware. Many of the types of code used are HTML, PHP, and JavaScript. Also, the websites were warned that their server configuration files may be compromised. Last July, Google started to crack down on many websites that may be infected, and that’s Google trying to show their concern and help for webmasters.

Malware in JavaScript?

by Quoc L
In this age of mobile connectivity, hackers and exploiters are always looking for new techniques to hide their malicious programs. An ESET senior researcher has found a new malware exploit using JavaScript. The malware is hidden within the JavaScript OnMouseMove event code. When a guest visits the compromised site and uses their mouse, the malware instantly activates. The malware avoids detection by security web crawlers by remaining deactivated whenever there is no mouse movement. Another technique that hackers use is to place a snippet of code within an applet, which will later decode the applet and install the malicious software onto your computer.

Hacking Using SQL injection

by Stefan S
Based on this recent article, it’s found that SQL injection is still commonly used as one of the top methods of attacking databases. Over the last weekend, the SANS Internet Storm Center found about 1 million URLs worldwide infected by ‘lilupophilupop’ malware. Most infections occurred in the Netherlands domain. Public reports regarding this attack are expected to continue to increase.

Security for your Android Device

by Penny C

A lot of us have made the choice to upgrade our phones to “smart-phones”, and most of those smart-phones run Android OS. As we all know, Android is an open-source OS and is vulnerable to attacks, just like our computers are. Attacks could be in the form of sending and receiving SMS/MMS, extracting private information from the phones, or making the phone unusable. Now for those of us who have unlimited text messaging plans, the cost incurred from those SMS/MMS is not much of an issue, but the phone has been compromised. Per the article, the attacks occur through cellular networks, Bluetooth, the Internet (WiFi, 3G), USB and other connections. Smart-phones have not been around as long as computers, but malware for smart-phones took 2 years to get to the level that the computers took 20 years. The astounding speed is due to the experience gained through writing malware for computers, according to the authors. So smart-phone security is becoming a forefront battle.

MySQL Website Compromised to Inject Malware

by Daniel L
Database management systems are an integral part of many products and services that are offered over the World Wide Web. MySQL, one of the most common open source database management systems and a key component of the LAMP software stack, caught the attention of hackers on Monday, September 26, 2011. According to security vendor Armorize, the hacker used JavaScript code to inject malicious software onto Windows PC users who visited the MySQL website between the hours of 5 a.m. and 11 a.m. Pacific Time Monday. Armorize also stated that the particular method that was used to attack website visitors is known as the Black Hole exploit kit; however, there is no indication of what the malware was designed to do. This is not the first time that the MySQL website has been hacked; they were hit earlier in the year, as well as other open source websites such as Linux.com and Kernel.org. A hacker on a Russian forum using the alias sourcec0de claims to have full permissions and administrative rights to the MySQL servers, and he is even willing to sell root access for $3,000. Although it is unclear if the hacker had root access, he posted screenshots which showed that the MySQL web servers were indeed compromised.