Hundreds of Thousands of Websites Hacked and Booby-trapped


Guest Supreme Allah

booby-trapped? boobie?

so yea, step your firewall game up, the system tool virus i got twice aint no joke

Hundreds of thousands of websites appear to have been compromised by a massive cyber attack.

The hi-tech criminals used a well-known attack vector that exploits security loopholes on other sites to insert a link to their website.

Those visiting the criminals' webpage were told that their machines were infected with many different viruses.

Swift action by security researchers has managed to get the sites offering the sham software shut down.

Code control

Security firm Websense has been tracking the attack since it started on 29 March. The initial count of compromised sites was 28,000 sites but this has grown to encompass many times this number as the attack has rolled on.

Websense dubbed it the Lizamoon attack because that was the name of the first domain to which victims were re-directed. The fake software is called the Windows Stability Center.

The re-directions were carried out by what is known as an SQL injection attack. This succeeded because many servers keeping websites running do not filter the text being sent to them by web applications.

By formatting the text correctly it is possible to conceal instructions in it that are then injected into the databases these servers are running. In this case the injection meant a particular domain appeared as a re-direction link on webpages served up to visitors.

Early reports suggested that the attackers were hitting sites using Microsoft SQL Server 2003 and 2005 and it is thought that weaknesses in associated web application software are proving vulnerable.

Ongoing analysis of the attack reveals that the attackers managed to inject code to display links to 21 separate domains. The exact number of sites hit by the attack is hard to judge but a Google search for the attackers' domains shows more than three million weblinks are displaying them.

Security experts say it is the most successful SQL injection attack ever seen.

Generally, the sites being hit are small businesses, community groups, sports teams and many other mid-tier organisations.

Currently the re-directs are not working because the sites peddling the bogus software have been shut down.

Also hit were some web links connected with Apple's iTunes service. However, wrote Websense security researcher Patrick Runald on the firm's blog, this did not mean people were being redirected to the bogus software sites.

"The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," he wrote.

http://www.bbc.co.uk/news/technology-12933053

vid on there

Link to comment
Share on other sites
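
The article quoted in the post above attributes the redirects to web applications passing unfiltered request text into the database, and notes that iTunes was unaffected because it encodes script tags. As an added example (not from the article or any poster), this Python/sqlite3 sketch puts a concatenated query beside a parameterized one, scans stored text for off-site script tags, and shows output encoding; the table, function names and the `injected.example` host are constructed for illustration.

```python
import html
import re
import sqlite3
from urllib.parse import urlparse

# Constructed sample data: hosts, table and payload are illustrative only.
ALLOWED_SCRIPT_HOSTS = {"static.shop.example"}
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.I)
PAYLOAD = 'Mug<script src="http://injected.example/x.js"></script>'

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO products (title) VALUES (?)",
                   [("Blue mug",), ("Red mug",)])
    return db

def rename_unsafe(db, pid, title):
    # Vulnerable: request text becomes part of the SQL statement itself.
    sql = "UPDATE products SET title = '" + title + "' WHERE id = " + pid
    return db.execute(sql).rowcount

def rename_safe(db, pid, title):
    # Hardened: placeholders bind request text as data, never as SQL.
    sql = "UPDATE products SET title = ? WHERE id = ?"
    return db.execute(sql, (title, pid)).rowcount

def offsite_scripts(db):
    # Detection: rows whose stored text loads a script from an unlisted host.
    hits = []
    for pid, title in db.execute("SELECT id, title FROM products ORDER BY id"):
        for src in SCRIPT_SRC.findall(title):
            host = urlparse(src).hostname
            if host and host not in ALLOWED_SCRIPT_HOSTS:
                hits.append((pid, host))
    return hits

def render(title):
    # Output encoding: stored markup is shown as text instead of executing.
    return "<li>" + html.escape(title) + "</li>"

if __name__ == "__main__":
    bad, good = make_db(), make_db()
    print(rename_unsafe(bad, "1 OR 1=1", PAYLOAD), offsite_scripts(bad))
    print(rename_safe(good, "1 OR 1=1", PAYLOAD), offsite_scripts(good))
    print(render(PAYLOAD))
```

The parameterized query stops the request text from rewriting the statement, but it still stores whatever text it is given, which is why the scan and the encoding on output remain separate checks.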

Guest Supreme Allah

is that like that 'antivirus' virus that locked all your sh*t till you bought their software?

the system tool one doesnt ask you to download, ull visit a site then get a warning pretending to be an anti virus and wont let u open up anything else until your in safe mode.

this one seems to look like you may get a prompt, but the guy also said it works in the background.

first and foremost, dont visit fucd.com thats where i got it from twice

the guy also sayin u need a legit anti virus, i dont know if the downloaded ones have viruses on them or whatever, but mine seems to be alright atm

Link to comment
Share on other sites

Guest Fat Eric

i remember going to one site

and they tried to download something onto my lappy

IDM saved me though because whenever a download takes place it asks you to start download or cancel.

this came up bare times.

got shook for a bit

Link to comment
Share on other sites

is that like that 'antivirus' virus that locked all your sh*t till you bought their software?

the system tool one doesnt ask you to download, ull visit a site then get a warning pretending to be an anti virus and wont let u open up anything else until your in safe mode.

this one seems to look like you may get a prompt, but the guy also said it works in the background.

first and foremost, dont visit fucd.com thats where i got it from twice

the guy also sayin u need a legit anti virus, i dont know if the downloaded ones have viruses on them or whatever, but mine seems to be alright atm

did it say which antiviruses can detect it or do you need some other kind of malware/spyware type thing?

i got norton but people say that norton can miss certain things

Link to comment
Share on other sites

Guest Supreme Allah

didnt mention one specifically, I have Kaspersky PURE, had K Internet Security before when i got the viruses, but that was prob my sh*t configuration

but now also, when im searching for stuff that may include sites with viruses i got a sandbox program called Returnil System Safe.

from wiki

In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users.

The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

so if u download something that may have a trojan, run it sandboxed. I only got it recently so im not sure how effective it is.

theres another one called sandboxie

sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

Link to comment
Share on other sites

Macs do get viruses, it's just Windows has almost 90% of the operating system market so obviously people write their viruses targeting them, or you just never hear about mac viruses..

Plus with mac's the viruses for windows may just be sitting there, until you do something like use a usb drive, then connect it to a windows machine which will then infect it.

This just looks like one of those pop ups that looks like Windows Security Center, or "Stability Center" and people end up installing it.

You could have the best anti-virus software in the world, means nothing, it's down to the user to be responsible with what they download/install.

All i use is microsoft security essentials now and it does the job perfect.

Link to comment
Share on other sites

Ohhhh my god I have that vista home security fake virus sh*t.

I can't access anything... Nothing. WTF am I to do.

I've tried safe mode and delete things from processes in task manager but some of them won't allow it. Tried running regedit. No luck. Can't update my virus scan system.

Fml. Someone help???!

Link to comment
Share on other sites

Will the system restore work? I can't load Internet or malwarebytes, which Is what I use, in safe mode.

Im backing up stuff now. If I'm leaving my system running for the next couple of hours is the virus going to spread and do more damage? What should I be expecting?

Link to comment
Share on other sites

Will the system restore work? I can't load Internet or malwarebytes, which Is what I use, in safe mode.

Im backing up stuff now. If I'm leaving my system running for the next couple of hours is the virus going to spread and do more damage? What should I be expecting?

it's really easy to get rid of

i don't think it f*cks with your files or anything, it just tries to get you to pay for a virus removal product

it's a money-making scam

Link to comment
Share on other sites

If I've had viruses in the past I've always been able to deal with them with ease.

But now it's disabled most of my applications. For instance I can access control panel but nothing further. Im glad it won't f*ck with my files. Its annoying I have work to do right now. Going to take it to someone tomorrow, but will be lost without it for the rest of the week.

Link to comment
Share on other sites

Guest Supreme Allah

yea system restore works for me, just make sure you boot into safe mode with networking (press F* when you see the first boot image)

others have said malware bytes and spybot have worked installing in safe mode, but i just went straight for the system restore..

think another way i did it aswell was to boot, press F* then select repair, and when it comes up select system restore

Link to comment
Share on other sites
