Media Temple Customers Attacked Despite Thorough Cleansing
Softpedia in its news published on August 16, 2010 reports that customers of Media Temple the company which provides software application and web hosting services were recently targeted with bulk injection attacks even though the company put its best efforts towards cleansing and securing its affected websites.
Notably, the earlier attack on Media Temple happened during the 2nd week of August 2010. While in that, the rogue code was injected into .php scripts or .html files, in the current one, the code injection is into .js files which prevail on the malicious server from before only.
Moreover, the malware employed in the new assault is obfuscated at two levels with an aim to download a malicious code from bl.pqshow.org, which is an outside sub-domain. Evidently, if no .js files appear in the scenario from a pre-existing situation, the attacker would insert the code into the routine .html files while enfolding it with a pseudo-element, <ads> </ads> possibly for preventing any suspicion over it.
Meanwhile, similar to all the earlier assaults on Media Temple, the latest one also has the server using the host, C I Host (Florida, Tampa).
Furthermore, the current attackers conceal the infection via maintaining the infected files' 'modification date' same throughout. Reveals a post on the Unmask Parasite blog, the infected files' modification dates remain unaltered. In all probability, attackers, with a PHP script insert malware and subsequently retain the first alteration date. They may further alter directory and file permissions, the post explains.
Significantly, in a query related to Media Temple's frequent assertion that it has secure infrastructure which's not to be associated with the attacks Sinegubko asks, if the problem is a fault in an intermediary application then whatever exactly is the fault? And if the problem is due to file permissions that aren't adequately strict, then what all have been regarded as secure permissions?
Related article: Math Problem in Computer Chip could Shake Global E-commerce
» SPAMfighter News - 8/23/2010
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!