Media Temple Customers Attacked Despite Thorough Cleansing

Softpedia reported on August 16, 2010 that customers of Media Temple, a company that provides software application and web hosting services, were recently targeted with bulk injection attacks even though the company had put its best efforts into cleansing and securing the affected websites.

According to Denis Sinegubko, who created Unmask Parasites, a website scanner that spots malicious code inserted into web pages, the latest assault resembles an earlier one and relies on adding disguised JavaScript to existing .js files, Softpedia reported.

Notably, the earlier attack on Media Temple happened during the 2nd week of August 2010. In that attack, the rogue code was injected into .php scripts or .html files; in the current one, it is injected into .js files that already exist on the server.

Moreover, the malware used in the new assault is obfuscated at two levels and is meant to download malicious code from bl.pqshow.org, an external sub-domain. If a site has no existing .js files, the attacker instead inserts the code into regular .html files, wrapping it in a pseudo-element, <ads> </ads>, possibly to avoid suspicion.

Meanwhile, as in all the earlier assaults on Media Temple, the server used in the latest one is hosted by C I Host (Florida, Tampa).

Furthermore, the current attackers conceal the infection by keeping the infected files' modification dates unchanged, according to a post on the Unmask Parasites blog. In all probability, the attackers insert the malware with a PHP script and then restore the original modification date. They may also alter directory and file permissions, the post explains.
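For site owners checking their own files, the two traits described above (the <ads> wrapper in .html files and an unchanged modification date) can be turned into a triage scan. This is an added example, not code from Unmask Parasites or Media Temple; it assumes a POSIX filesystem, where st_ctime records the last inode change and is not reset when a file's modification date is set back, and the function names, 60-second slack and sample files are constructed for illustration.

```python
import os
import re
import tempfile
import time

# The <ads> wrapper is the pseudo-element named in the article.
ADS_TAG = re.compile(rb"<ads\b[^>]*>", re.IGNORECASE)
WEB_EXT = {".js", ".html", ".htm", ".php"}
MARKUP_EXT = {".html", ".htm", ".php"}


def scan(root, slack_seconds=60):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in WEB_EXT:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.stat(path)
            # Assumption (POSIX): setting mtime back still bumps ctime to "now",
            # so a ctime well after mtime means the file was touched later.
            if st.st_ctime - st.st_mtime > slack_seconds:
                findings.append((rel, "ctime-after-mtime"))
            if ext in MARKUP_EXT:
                with open(path, "rb") as fh:
                    if ADS_TAG.search(fh.read()):
                        findings.append((rel, "ads-wrapper"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample content, not real malware
            "clean.js": b"function ok() { return 1; }\n",
            "menu.js": b"function menu() {}\n/* constructed appended code */\n",
            "index.html": b"<html><ads><script>/* constructed */</script></ads></html>\n",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        # Constructed condition: menu.js carries a year-old mtime, ctime stays current.
        old = time.time() - 365 * 86400
        os.utime(os.path.join(root, "menu.js"), (old, old))
        return scan(root)
```

A ctime later than mtime also results from routine operations such as restoring a backup or copying with preserved timestamps, so a hit is a reason to inspect the file, not proof of injection.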

Significantly, in response to Media Temple's frequent assertion that its infrastructure is secure and not to be associated with the attacks, Sinegubko asks: if the problem is a fault in a third-party application, then what exactly is the fault? And if the problem is file permissions that aren't strict enough, then which permissions are regarded as secure?


» SPAMfighter News - 23-08-2010

 
