Media Temple Customers Attacked Despite Thorough Cleansing

Softpedia reported on August 16, 2010 that customers of Media Temple, a company that provides software application and web hosting services, were recently targeted with bulk injection attacks even though the company had made its best efforts to clean and secure the affected websites.

According to Denis Sinegubko, creator of the website scanner Unmask Parasites, which spots malicious code inserted into web pages, the latest assault resembles an earlier one and relies on adding disguised JavaScript to existing .js files, Softpedia reported.

Notably, the earlier attack on Media Temple happened during the second week of August 2010. In that attack the rogue code was injected into .php scripts or .html files; in the current one it is injected into .js files, and only those that already existed on the server.

Moreover, the malware used in the new assault is obfuscated at two levels and is designed to download malicious code from bl.pqshow.org, an external sub-domain. If no .js files already exist, the attacker instead inserts the code into regular .html files, wrapping it in a pseudo-element, <ads> </ads>, possibly to avoid arousing suspicion.

Meanwhile, as in all the earlier assaults on Media Temple, the server in the latest one is hosted by C I Host (Florida, Tampa).

Furthermore, the current attackers conceal the infection by keeping the infected files' modification dates unchanged, a post on the Unmask Parasites blog reveals. In all probability, the attackers insert the malware with a PHP script and subsequently restore the original modification date. They may also alter directory and file permissions, the post explains.
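A defender-side check for the concealment described above, as an added example that is not from the Unmask Parasites post or from Media Temple: on a POSIX filesystem, restoring a file's modification date still updates its inode change time, so a ctime well after mtime, or an <ads> wrapper in a page, marks a file for review. The function names, the one-hour threshold and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import time

# <ads> is not a real HTML element; the article reports it wrapping injected code.
ADS_WRAPPER = re.compile(rb"<ads\b[^>]*>.*?</ads\s*>", re.I | re.S)
SCAN_EXT = (".js", ".html", ".htm", ".php")


def scan_webroot(root, max_gap_seconds=3600):
    """Return {path: [reasons]} for web files that deserve a manual look."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            reasons = []
            # POSIX: resetting mtime (or changing permissions) still bumps the
            # inode change time, which cannot be set through utime().
            if st.st_ctime - st.st_mtime > max_gap_seconds:
                reasons.append("ctime newer than mtime")
            with open(path, "rb") as fh:
                if ADS_WRAPPER.search(fh.read()):
                    reasons.append("<ads> wrapper")
            if reasons:
                findings[path] = reasons
    return findings


def build_sample_webroot():
    """Constructed sample tree: one untouched file, two with a rolled-back mtime."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "clean.js": b"function menu() { return 1; }\n",
        "menu.js": b"function menu() { return 1; }\n/* constructed stand-in */\n",
        "index.html": b"<html><ads><script>/* constructed */</script></ads></html>\n",
    }
    old = time.time() - 90 * 86400  # pretend the file was last edited 90 days ago
    for name, data in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        if name != "clean.js":
            os.utime(path, (old, old))  # models the date restore described above
    return root
```

Deployments that preserve timestamps (rsync, tar, backup restores) also leave ctime ahead of mtime, so treat a hit as a lead and compare it with known deploy times.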

Significantly, responding to Media Temple's frequent assertion that its infrastructure is secure and not to be associated with the attacks, Sinegubko asks: if the problem is a fault in an intermediary application, then what exactly is the fault? And if the problem is due to file permissions that aren't adequately strict, then which permissions are regarded as secure?


» SPAMfighter News - 23-08-2010
