Posted by: Wayne Huang on 10.12.2011 / Categories: Drive-by download, Mass Injection, Web malware (Credit: Wayne Huang, Chris Hsiao, NightCola Lin) Starting Oct 9th, we've been tracing a mass injection attempt. Currently, there are 180,000 affected pages, according to Google. The attack targets visitors of six particular languages--English, German, French, Italian, Polish, and Breton, seen fro
(credits: Wayne Huang, Chris Hsiao, NightCola Lin) (To peer researchers: As we all know, researching security incidents takes a lot of time and sacrifice; as if they know exactly how to make our lives harder, attackers often launch right before the weekend or a long vacation. In such an event, we often need to sacrifice our personal plans to be with our families, in order to research and publish t
Posted by: Wayne Huang on 8.17.2011 / Categories: Drive-by download, fake antivirus, k985ytv, Mass Injection, Web malware On August 14, we started to see mass compromise of websites to inject malicious iframes that spread fake antivirus malware. The attack is ongoing, and this is our report. [Table of Contents] [1. Summary] [2. The visitor infection process] [3. The fake antivirus being spread] [4
(Credits: Chris Hsiao, NightCola Lin, Wayne Huang) Armorize runs one of the world's largest cloud-based Web malware scanning services, OEM'd to large security and hosting companies. Recently, we've noticed increasing use of a variation of the drive-by download attack, coupled usually with 0-days. This is our technical report on the subject. We realize in recent years, "interesting" threat names hav
Posted by: Wayne Huang on 7.31.2011 / Categories: Drive-by download, Hosting attack, Mass Injection, osCommerce, Web malware On July 24th, we published our initial report on this willysy mass injection incident, which at that time hit around 90,000 pages. As of July 31st, Google shows more than 3,410,000 (willysy) + 386,000 (exero) = 3.8 million infected pages. Note this number is for individual i
Posted by: Chris on 7.25.2011 / Categories: Drive-by download, HackAlert, Mass Injection, osCommerce, Web malware (Credits: Wayne Huang, Chris Hsiao, NightCola Lin, Sun Huang, Crane Ku) (Initial post: July 24th) (Updated: July 30th with new infection number, source IP of attack, log entries, osCommerce vulnerabilities used, and more) (Updated: Aug 3rd with new video and new infection count: >6 mil
(Credits: Wayne Huang, Chris Hsiao, NightCola Lin) (Thanks to Christian Frichot and David Taylor for providing additional info) (Original post: June 15th) (Updated: Jun 28th) A quick summary: Lizamoon Sidename.js Type of attack Mass SQL Injection Mass Meshing Injection Victim criteria Victims have to be tricked into a) downloading a binary and b) executing the binary, in order to be infected. Vict