Worth knowing

[royb]

Another heads-up from the BBC Message Content:
This should also be a warning for those who think they don't need to have virus protectiion as long as they don't visit "dodgy" sites.



Hackers target 'legitimate' sites
More than 10,000 websites have become unwitting hosts of malicious software, say security experts.
Those visiting the hijacked pages risk having keylogging software installed on their PC if it is not protected with the latest patches.

The webpages compromised are all legitimate sites devoted to subjects such as tax, jobs, tourism and cars.

The sites are thought to have been booby-trapped using a malware kit, called MPack, sold commercially online.

Hacked host

The MPack kit was first discovered by Panda Software in May 2007 and is now implicated in infections on more than 160,000 computers.

The kit, put together by Russian hackers, can be bought for $1,000 (£503) and the price includes a year of technical support.

Using the kit, budding hi-tech criminals can churn out code that exploits the latest vulnerabilities in widely used web browsers that work on Windows.

The latest round of infections using MPack is thought to be one of the most successful.

It is believed to have started when malicious hackers got access to one of Italy's largest website hosting companies and seeded servers with the code that attacks anyone visiting those sites.

Security experts say the attack code is "browser aware" and will tune its attack depending on the web browsing software used by a visitor. Attack code is present for Internet Explorer, Firefox and Opera.

Following the initial outbreak in Italy, booby-trapped sites are now turning up in Spain, the US and many other nations.

The new outbreaks come about as the attack code is inserted on more and more legitimate websites.

Hundreds of thousands of users are thought to have been caught out by the infection.

Many anti-virus companies have already updated their security software to defend against the attacks used in this outbreak.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/6221306.stm

Published: 2007/06/20 10:06:48 GMT

© BBC MMVII

[pristinelife]

Thanks for posting this article. Is there a scan we can do to specifically "sniff" this virus out? I'm using AVG antivirus software. Back in 1999 I was one of the earliest reciprients of the "SirCam" virus that wiped out my motherboard. At that time I had McAfee and Norton's installed. Neither of them detected the infection.

PS: and I did not get it from them "doggy sites" neither

[Extemporaneous]

Hmm... I received my first virus ever a couple of weeks ago, and it was a particularly nasty one (vundo.dll). From what I have read, it came in through a hole in my Java VM. I am still cleaning up the mess it left behind, but I would agree that adware- and virus-proliferators are getting more and more clever at penetrating just about any security you decide to throw at them.

The sad thing is that you can't even commend these people for being clever enough to break through security screens, because 99% of them are script-kiddies, and most likely have no idea how the process works, or what their program is doing. As mentioned - some smart person probably wrote the software, and then they sell it to people who wouldn't know what respect and responsibility looked like, even if it hit them in the face.

Back in the 80's when I was hacking, it was still fun :) (the general intention back then was to show people that stuff was possible, now the intent is almost entirely malicious).

[royb]

Not sure about AVG. I would go to their site and ask/root around foer info.

Here are a couple more bits of info.
http://www.lockergnome.com/nexus/bla...first-thought/

http://blogs.pandasoftware.com/blogs...red_2100_.aspx

[LadyEye]

Moving to personal computing section of forum ...

[Vasili]

awwwww...........I liked it where it waaaaaaaassssssss