Security Experts Identify Causes Of Gumblar Attack
Security experts, after analyzing the recently launched Gumblar attack, which hijacked a vast number of legitimate websites, said that the illegal alterations made to the sites were probably done with stolen File Transfer Protocol (FTP) credentials in addition to SQL injection.
These analysts, from Trend Micro, explain that the hijacking occurred when hackers gained access to the files that run the web server, using stolen FTP credentials collected by the attack's final malware payload. The chain of infections through the malicious scripts HTML_REDIR.AC and HTML_JSREDIR.AE ultimately led to TSPY_KATES.G being loaded onto the compromised PC.
The security analysts reveal that TSPY_KATES.G is in fact a spyware program, which other malware may drop onto a user's system. It may arrive bundled with other malware as a malicious component. It then creates registry entries so that it is executed automatically whenever the system starts up. The spyware is designed to steal sensitive FTP details such as usernames and passwords, which it stores in a new file that subsequently overwrites the original file to evade detection.
The analysts also believe that the use of TSPY_KATES.G enabled Gumblar to break into more websites compared with those compromised during the first wave of the attack.
The analysts supported their point by explaining that an SQL injection attack only succeeds under specific circumstances: the attacked site must be flawed enough to let the attacker carry out the injection. If the targeted website is not sufficiently vulnerable, cyber criminals cannot gain full access to it or do it full-fledged damage.
With stolen FTP credentials, however, the online crooks are granted the same access as the site administrator, meaning they can completely compromise the site and then use it to distribute malware or run phishing.
Hence it is important that website administrators keep servers free of malware, prevent unauthorized access to web server files, and keep websites free of malicious code, to protect both themselves and others.
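One practical way to act on the last recommendation is to keep a hash baseline of the web root and flag any modified or newly added file that carries markers typical of injected loader scripts. The following is an added example written for this article, not code from Trend Micro or SPAMfighter; the sample pages, the injected markup and the heuristic patterns are constructed for illustration and are not the real Gumblar scripts.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Constructed sample content: a clean page, and the same page after an injected
# inline script was appended. Hypothetical markup, not the actual Gumblar payload.
CLEAN_INDEX = "<html><body><h1>Welcome</h1><script src='/js/app.js'></script></body></html>"
TAMPERED_INDEX = CLEAN_INDEX.replace(
    "</body>",
    "<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65'))</script></body>",
)
TAMPERED_ABOUT = '<html><body><iframe src="http://example.invalid/x" width="0" height="0"></iframe></body></html>'

# Heuristics that commonly accompany injected redirect/loader scripts (assumed, not exhaustive).
INJECTION_PATTERNS = [
    ("eval-in-inline-script", re.compile(r"<script[^>]*>\s*eval\(", re.I)),
    ("long-percent-encoded-string", re.compile(r"unescape\(\s*['\"](?:%[0-9a-f]{2}){8,}", re.I)),
    ("zero-size-iframe", re.compile(r"<iframe[^>]*(?:width|height)\s*=\s*['\"]?0", re.I)),
]


def file_hashes(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def write_baseline(root: Path, baseline_file: Path) -> None:
    """Record the known-good state; store this file outside the web root."""
    baseline_file.write_text(json.dumps(file_hashes(root), indent=2))


def compare_to_baseline(root: Path, baseline_file: Path) -> dict[str, list[str]]:
    """Integrity diff: which files changed, appeared, or disappeared since the baseline."""
    baseline = json.loads(baseline_file.read_text())
    current = file_hashes(root)
    return {
        "modified": sorted(f for f in current if f in baseline and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def suspicious_markup(text: str) -> list[str]:
    """Names of the injection heuristics that match the given page content."""
    return [name for name, pattern in INJECTION_PATTERNS if pattern.search(text)]


def scan_web_root(root: Path, baseline_file: Path) -> dict[str, list[str]]:
    """Only files that changed since the baseline AND look like injected content."""
    diff = compare_to_baseline(root, baseline_file)
    findings = {}
    for rel in diff["modified"] + diff["added"]:
        hits = suspicious_markup((root / rel).read_text(errors="replace"))
        if hits:
            findings[rel] = hits
    return findings


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Build a throwaway web root, baseline it, tamper with it, and scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "htdocs"
        baseline = Path(tmp) / "baseline.json"  # deliberately outside htdocs
        (root / "js").mkdir(parents=True)
        (root / "index.html").write_text(CLEAN_INDEX)
        (root / "js" / "app.js").write_text("console.log('app');")
        write_baseline(root, baseline)
        # Simulate what a compromise via stolen FTP credentials looks like on disk.
        (root / "index.html").write_text(TAMPERED_INDEX)
        (root / "about.html").write_text(TAMPERED_ABOUT)
        return compare_to_baseline(root, baseline), scan_web_root(root, baseline)


if __name__ == "__main__":
    diff, findings = demo()
    print(json.dumps({"diff": diff, "review": findings}, indent=2))
```

The baseline must live somewhere an attacker holding the FTP account cannot rewrite (a separate host or a read-only location), otherwise the same stolen credential that altered the pages would let them refresh the baseline too. The heuristics only prioritise review; the integrity diff is the authoritative signal, so any modified file should be inspected even when no pattern matches.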
SPAMfighter News - 18-06-2009