funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Attacks on Unpatched IE Flaw Escalate

From: "Richard M. Smith" <rms () bsf-llc com>
Date: Mon, 27 Mar 2006 13:38:42 -0500
http://blog.washingtonpost.com/securityfix/2006/03/attacks_on_internet_explo
rer_f_1.html

Attacks on Unpatched IE Flaw Escalate

More than 200 Web sites -- many of them belonging to legitimate businesses
-- have been hacked and seeded with code that tries to take advantage of a
unpatched security hole in Microsoft's Internet Explorer Web browser to
install hostile code on Windows computers when users merely visit the sites.

...

According to a list obtained by Security Fix, hackers have infected at least
200 sites, many of which you would not normally expect to associate with
such attacks (i.e., porn and pirated-software vendors). Among the victims
are a regional business council in Connecticut, a couple of vacation resorts
in Florida, a travel-reservation site, an online business consultancy, an
insurance company, and a site featuring things to do at various cities
across the country.

On Friday, hackers broke into the Web site of shipping company
DLPromotionFreight.com and planted code that attempted to use the flaw to
steal user names and passwords stored by IE. Yaniv Zahavi, chief technology
officer for Intermakers Inc., the Plantation, Fla., company that manages the
site, said it appears that only a handful of customers browsed the site
during the few hours the attack code was present.

Security Fix learned the location of one Web site being used as a virtual
drop box for user name and password data stolen from people who'd visited
the network of hacked sites (the SANS Internet Storm Center has a great post
detailing exactly what one of these data-dump reports looks like). One of
those victims was Abdel Marriez, a truck driver from Astoria, N.Y. The
malicious program stole credit card information and credentials he used to
access his e-mail online.

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: