Thousands of sites loaded with potent malware cocktail

Cybercriminals have laced about 2,000 legitimate websites with a potent malware cocktail that surreptitiously attacks people who browse to them, a security researcher warned Friday. Unlike past outbreaks of the mass web attack known as Gumblar, this round actually plants exploit code on the website servers themselves. …


This topic is closed for new posts.
  1. Sitaram Chamarty

    ftp vulns can be fixed...

    I've long maintained that any admin who uses (or requires the use of) normal ftp for authenticated access of any kind should be taken out and shot [*]

    In the two cases of gumblar infection I have seen so far, the infected party's hosting provider had given them plain ftp access to their space.


    [*] OK, I was half joking there... you don't have to take him out

  2. Jess


    Will NoScript on Firefox provide protection?

    Or is it time to go back to lynx?

  3. Mark Eaton-Park

    Easy answer

    Make the owner of the vulnerability responsible for repair; if they leave people's machines open to attack, they should have to pay to repair any damage done by their bad coding.

  4. yossarianuk

    Linux Desktops still safe !

    Although some of the servers hosting the malware will be Linux servers (some will be Windows, etc.), these facts remain:

    - Linux desktop users are still unaffected by the malware - i.e. clicking on a malware link on a Linux desktop will be safe...

    - The key-logging aspect again mainly affects only one OS - and it's not penguin flavoured.

  5. Neal 5

    Not the cybercriminals to blame is it!!!

    "The trick makes it extremely difficult for webmasters and anti-malware programs to detect the threats."

    In which case then the options are very limited, we can only

    a) blame Microsoft for not fixing cryptapi AFTER MORE than 9 (well 10, NOW) weeks.

    b) blame someone else.

    How about webmasters actually securing their sites. I guess this solution is TOO obvious and simple, so I guess we're back to solution a) or b) again.

  6. Anonymous Coward

    What to do?

    So is it time to start browsing the web in a dedicated virtual machine that I reset to a known-safe snapshot after each use? Either that or switch to Linux or Mac as my desktop OS (not because they're significantly more secure, just that the lower install base results in fewer attacks).

    But what do I tell my less computer literate friends and family? Stop using the web? These new attacks that exploit multiple weaknesses and only require a visit to a web page to trigger are getting ridiculous.

  7. JC 2

    Not to be picky or anything,

    But there's no link to source, and no further info about signs of infection anyone might use to stop backdoor comm.

  8. Anonymous Coward

    Details plz

    So are Linux machines vulnerable?

  9. CD001

    server side script

    The script is server-side; it's PHP which means it'll happily reside on *nix servers... and in all probability it's (cheap) *nix hosts that have been targeted. That does not mean it will affect *nix clients however - it simply uses PHP to glean some information about the user's system, looking for known vulnerabilities - as the story states - initially in Adobe software and then MS vulns.

    Unless you're doing something seriously daft, you should be safe under *nix (depending on payload). Under Windows, NoScript _may_ prevent the attack if it happens to be blocking Flash at the time of viewing a compromised site. If, however, it's a site that you've already white-listed, all bets are off... and that's assuming you've got Windows itself patched up to date.

    My money is on an FTP breach - there have been a few in recent months, primarily targeting the cheap *nix hosting market - it seems to be something in the way the hosting companies have their systems set up (open or anonymous FTP access - no IP address restrictions). Using keyloggers was the first "explanation" uttered (e.g. it's not our fault, it's yours for not securing your PC), but it could be packet sniffing or brute force... whatever.

    This recent spate of cracks has normally resulted in .htaccess uploads (full of mod_rewrite redirects) - it was only a matter of time before someone combined something genuinely dangerous with these breaches.
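
    Worked example, added to this thread and not from the article or any commenter: a small Python scanner for the two server-side symptoms CD001 describes, an uploaded .htaccess full of mod_rewrite redirects to an outside host (typically conditioned on the visitor's browser or referrer, so the webmaster browsing directly to their own site never sees it) and PHP files carrying an eval(base64_decode(...)) style payload. The sample files, the hostnames malicious.example and www.example.com, and every function name are constructed for this example; nothing here is a real Gumblar artefact.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample files standing in for a compromised and a clean site.
# None of this is a real Gumblar artefact; hosts and paths are made up.
INJECTED_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (windows|msie) [NC]
RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\\. [NC]
RewriteRule ^(.*)$ http://malicious.example/go.php?q=$1 [R=302,L]
"""
CLEAN_HTACCESS = """\
RewriteEngine On
RewriteRule ^blog/(.*)$ /index.php?page=$1 [L]
"""
INJECTED_PHP = "<?php eval(base64_decode('ZWNobyAnaGknOw==')); ?>\n"
CLEAN_PHP = "<?php echo 'hello'; ?>\n"

# RewriteRule whose target is an absolute URL: capture the host part.
EXTERNAL_RULE = re.compile(
    r'^\s*RewriteRule\s+\S+\s+https?://([^\s/:]+)', re.I | re.M)
# RewriteCond keyed on the visitor's browser or on where they came from.
CLIENT_COND = re.compile(
    r'^\s*RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}', re.I | re.M)
# The "execute decoded/decompressed data" idiom common in injected PHP.
OBFUSCATED_EXEC = re.compile(
    r'\b(eval|assert|preg_replace)\s*\(\s*'
    r'(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(', re.I)


def audit_htaccess(text, own_hosts):
    """Return a list of findings for one .htaccess; empty means nothing odd."""
    findings = []
    for m in EXTERNAL_RULE.finditer(text):
        host = m.group(1).lower()
        if host not in own_hosts:
            findings.append(f"RewriteRule redirects visitors to external host {host}")
    if findings and CLIENT_COND.search(text):
        # Redirecting only certain browsers/referrers is how these kits hide
        # from the webmaster, who types the URL in rather than arriving via a search engine.
        findings.append("redirect is conditional on User-Agent or Referer")
    return findings


def audit_php(text):
    """Flag eval/assert/preg_replace wrapped around a decoder call."""
    return [f"obfuscated code execution: {m.group(0).strip()}"
            for m in OBFUSCATED_EXEC.finditer(text)]


def scan_webroot(root, own_hosts):
    """Walk a document root; return {relative path: [findings]} for flagged files."""
    report = {}
    for path in Path(root).rglob('*'):
        if not path.is_file():
            continue
        if path.name == '.htaccess':
            findings = audit_htaccess(path.read_text(errors='replace'), own_hosts)
        elif path.suffix.lower() in ('.php', '.phtml', '.inc'):
            findings = audit_php(path.read_text(errors='replace'))
        else:
            continue
        if findings:
            report[path.relative_to(root).as_posix()] = findings
    return report


def demo():
    """Build the constructed webroot in a temp dir, scan it, return the report."""
    with tempfile.TemporaryDirectory() as root:
        for sub, htaccess, php in (('infected', INJECTED_HTACCESS, INJECTED_PHP),
                                   ('clean', CLEAN_HTACCESS, CLEAN_PHP)):
            d = Path(root, sub)
            d.mkdir()
            (d / '.htaccess').write_text(htaccess)
            (d / 'index.php').write_text(php)
        return scan_webroot(root, {'www.example.com'})


if __name__ == '__main__':
    for name, findings in sorted(demo().items()):
        print(name)
        for finding in findings:
            print('  -', finding)
```

    Run against a real document root as `scan_webroot('/var/www/site', {'www.yoursite.example'})`. The patterns are deliberately narrow (an absolute redirect target plus a decoder-wrapped eval), so a clean hit list is no guarantee; the stronger check is to diff the live tree against a known-good copy kept off the FTP-reachable host, and, as the earlier comments say, to stop exposing that tree over plain FTP in the first place.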

  10. Cantankerous Old Buzzard

    @Sitaram Chamarty

    Yes, you DO have to take them out before you shoot them -- otherwise you get blood on the carpet. ;^P
