funsec mailing list archives

Hacked HostGator Sites Distribute IE VML Exploit


From: "Fergie" <fergdawg () netzero net>
Date: Fri, 22 Sep 2006 23:11:32 GMT

Just wait until Monday -- this _will_ get very, very bad.

Via Netcraft.

[snip]

Hackers have hijacked a large number of sites at web hosting firm
HostGator and are seeking to plant trojans on computers of unwitting
visitors to customer sites. HostGator customers report that attackers
are redirecting their sites to outside web pages that use the unpatched
VML exploit in Internet Explorer to install trojans on computers of
users. Site owners said iframe code inserted into their web pages was
redirecting users to the malware-laden pages.

HostGator general manager Jason Muni told Security Fix that attackers
had "reconfigured an unknown number of Web sites hosted on the
company's servers to redirect visitors to a third-party Web site that
tried to load the IE exploit." Muni said the company reconfigured all
of its 200 servers to address the problem. But as of 5:30 pm EST
Friday, some HostGator customers were continuing to report that their
sites were compromised and redirecting visitors, indicating the problem
had not been fully resolved.

[snip]

more:
http://news.netcraft.com/archives/2006/09/22/hacked_hostgator_sites_distribute_ie_exploit.html

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

