Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] [Rival] IE7 and IE8 (Beta): Total Windows System Compromise

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

0day Treasure Hunt: Researcher Hides IE Attack on Web

,----[ Quote ]  
| Security researcher Aviv Raff has published code that would allow someone to 
| take control of a computer running Internet Explorer, but there's a catch. 
| He's not saying exactly where he's hidden the attack.  
| 
| [..,]
| 
| The bug, which affects Internet Explorer 7 and IE 8, could allow an attacker 
| to run unauthorized software on a victim's computer. Raff informed Microsoft 
| of the flaw on Tuesday and the software vendor has not yet patched it, Raff 
| said.   
| 
| Microsoft didn't get much time to fix the bug, but Raff said he didn't feel 
| that Microsoft would address the issue quickly unless he went public with the 
| vulnerability.  
`----

http://www.pcworld.com/businesscenter/article/145602/0day_treasure_hunt_researcher_hides_ie_attack_on_web.html
http://tinyurl.com/573lln

There's more:

Web Attack Worm Infecting Hapless Sites

,----[ Quote ]
| Though relatively small by Web attack standards with about 4,000 reported 
| infected sites, the assault adds invisible code to a site that can force 
| visitors to download malware onto their PC. Bad PR, to say the least.  
| 
| [...]
| 
| The worm uses a SQL Injection attack, according to the ISC, but it doesn't 
| yet know just what vulnerability is targeted 
`----

http://www.pcworld.com/businesscenter/blogs/larkin_on_the_web/145609/web_attack_worm_infecting_hapless_sites.html


A fortnight ago:

Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection

,----[ Quote ]
| A new SQL injection attack aimed at Microsoft IIS web servers has hit some 
| 500,000 websites, including the United Nations, UK Government sites and the 
| U.S. Department of Homeland Security. While the attack is not Microsoft's 
| fault, it is unique to the company's IIS server.   
`----

http://blog.wired.com/monkeybites/2008/04/microsoft-datab.html


Hundreds of thousands of Microsoft servers hacked

,----[ Quote ]
| UK Government domains among those hit
`----

http://www.techradar.com/news/computing/hundreds-of-thousands-of-microsoft-servers-hacked-331679


Recent:

Microsoft warns of web server flaw

,----[ Quote ]
| The company has issued an advisory on the vulnerability, which affects 
| Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows  
| Server 2008. 
| 
| [...]
| 
| "The web server is widely used on the internet, and is a top pick by 
| web-hosting providers. We might see web-hosting providers targeted, and their 
| clients' websites breached."  
`----

http://www.vnunet.com/vnunet/news/2214722/microsoft-warns-web-server


Bots rule in cyberspace

,----[ Quote ] 
| USA TODAY REPORTS that on an average day, 40 per cent of the 800 million 
| computers connected to the Internet are bots used to send out spam, viruses 
| and to mine for sensitive personal data.  
`----

http://www.theinquirer.net/gb/inquirer/news/2008/03/17/bots-rule-cyberspace
http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm


Botnets Running Rampant

,----[ Quote ]
| How much money is being stolen by cybercriminals? No one knows, and no one 
| even knows how to go about coming up with that number, IronPort's Peterson 
| said.  
`----

http://www.pcworld.com/businesscenter/article/144489/botnets_running_rampant.html


New Massive Botnet Twice the Size of Storm

,----[ Quote ]
| Damballa predicts that even now that Kraken has been outed, it will continue 
| growing at least in the near-term -- up to at least 600,000 new bots by 
| mid-April. Its bots are prolific, too: The firm has seen single Kraken bots 
| sending out up to 500,000 pieces of spam in a day.   
`----

http://www.darkreading.com/document.asp?doc_id=150292&WT.svl=news1_1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIIl+6U4xAY3RXLo4RAgkuAJ4oMidaoEfuFJ05ujHU9X8kt6YEPACgkwR2
a3zlTN3s6fMntPLI7MC991k=
=PLfC
-----END PGP SIGNATURE-----

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index