View Single Post
  #1   (View Single Post)  
Old 3rd April 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,503
Default Hundreds of thousands of hacked websites spreading scareware

From http://www.h-online.com/security/new...e-1220474.html

Quote:
Using an automated SQL injection attack, criminals have embedded links to domains carrying scareware in hundreds of thousands of websites. In some cases, visitors to an infected website see an additional page that pretends to be anti-virus software and claims to have discovered an infection on the user's system.

[snip]

Anyone running a web server should check their websites for injected JavaScript tags containing links such as <script src=http://lizamoon.com/ur.php></script>. If found, these should be removed. They will also need to find the SQL injection vulnerability used to inject the nefarious content.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote