Hackers’ Code in MySpace Pages Installs BotA number of legitimate pages on MySpace have been corrupted due to drive-by exploits being embedded in them, warns researchers at Internet Storm Center, as reported by Itnews.com on June 28, 2007. According to Johannes Ullrich, CTO for the ISC, the malicious code in MySpace pages downloads a dangerous bot called FluxBot. The bot, which does not connect to any central command, relies on complex networks of proxy servers that keep changing, thus making it extremely difficult to remove the bot from affected systems, said Ullrich. These accounts were possibly compromised, said Ullrich. For that hackers may have taken over around 36-48 pages. MySpace authorities who reacted without delay were setting the issue right, as per the news reported by Darkreading.com on June 27, 2007. The embedded malware attempts to take advantage of an old bug in Microsoft's Internet Explorer browser, Ullrich said. Although the bug got a patch in mid-2006, yet it would install FluxBot if it allows the exploit. The hole in the IE is not particularly risky but it affected many people. There could be a large number of uses without patches for their IE versions, Ullrich added, and Itnews.com published it on June 28, 2007. The popular MySpace site provides users the opportunity to make changes in their own pages, said Ullrich. Since there is a lot of trust on MySpace, people don't shut down the JavaScript when they visit the site. The company, MySpace might be reliable but the content that users build may not be trustworthy, Ullrich explained. Informationweek.com published this on June 27, 2007. This implies while honest people construct pages on MySpace, cyber criminals at the same time behaving as regular users could create their own malicious pages to infect unwary surfers. In February 2007, two individuals acknowledged charges on them that they wrote malicious software to make $150,000 through illicit means on MySpace. The two men Shaun Harrison and Saverio F Mondelli from New York pleaded to the charge of unlawful computer access. But some other charges consisting of attempted extortion and unauthorized computer access were dismissed, said Jeffrey McGrath, deputy district attorney for Los Angeles County. Related article: Hackers Redirect Windows Live Search to Malicious Sites » SPAMfighter News - 7/7/2007 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
