PC Virus Attacks ‘LiveJournal,’ Steals E-mail IDs

According to recent news reports, blogging site 'LiveJournal' was attacked by a virus, which spreads rapidly and seizes e-mail addresses of people who logged in and generated entries. These entries were private but the attack made them available to everybody.

A simple glance at a posting on LiveJournal caused the virus to self-propagate on users' computers as the posting already contained the malware. Following the theft of the e-mail addresses, the virus planted malicious software on the users' accounts, which further attacked other visitors of LiveJournal.

Moreover, employees of LiveJournal posted a blog in which they stated - the incident generated a small amount of privacy breach but it was a serious issue. Therefore, they decided to make a post in order to notify everyone about the problem along with the activities performed by the virus. The blog post also indicated to the suggestions an affected user should follow to block the spreading of infection.

The employees further wrote that authentication cookies, passwords and similar sensitive information weren't captured. Besides, the virus even left users' PCs undamaged.

The reports further state that the attack after remaining alive for approximately 2-hrs was successfully aborted on September 22, 2009 at around 8:50 pm of California time.

Moreover, web-security researchers explained that the virus would disseminate via malevolent media files from Adobe Flash, which employed "cross-domain scripts" for making illegal modifications to user accounts.

It managed to spread as users watched an entry that contained the contaminated Flash media, which resulted in the script changing the final account entry and loaded that entry with the malicious software.

Additionally, the employees' posting speculated that the entries, which planted the malevolent media files numbered less than 100, but it warned that the total number of contaminated visitors could be higher.

Commenting on the assault, a security specialist of web application named Mike Bailey who is also an experienced researcher at Foreground Security stated that certain configurations on the LiveJournal website apparently allowed the malevolent Flash media to use the site's privileges for executing JavaScript, an action that was forbidden on websites where user content was generated, as reported by TheRegister on September 23, 2009.

Related article: PC-Virus of 2005 Threatening Japanese Bank Accountholders, Warns Symantec

» SPAMfighter News - 10/15/2009