Public Web Services Being Hacked.

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    452

    Public Web Services Being Hacked.

    We've just witnessed a hacked European ad server infect Internet Explorer users. Thousands, if not millions, of computer systems could have been compromised in one single hack.

    In general, crackers have become more and more sophisticated with their attacks and their targets. Could this style of attack become the next big thing?

    For years crackers have taken their shot at compromising high profile web services that have become almost a utility. Just like the light and water, people expect Google, Yahoo, RSS Feeds, and every other web service to be there - On Demand. These popular web services are some of the most dangerous services if they would ever become compromised. Imagine using your Google toolbar, only for the results to return a webpage with the latest 0-day exploit compromising your OS, or the same exploit being delivered right to your favorite news site via an RSS Feed.

    I'd been thinking about what the future of our web is going to hold. I started this thread to get some feedback on what's been going on and what we might look forward to. Thanks for your feedback and responses.



    --PuRe
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Learn to think like your enemy....

    Then it all becomes clear....

    You need to abuse what is out there to maximize your impact.... think about what maximizes that impact.... Abuse what will be most effective....

    Work from there....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    oldie ric-o
    Join Date
    Nov 2002
    Posts
    487
    This type of attack where banner ads are infected is exactly what the future is going to look like IMO. Infect sites/machines that are visited by lots of PCs, get them to distribute your malware and boom: tons of zombies to use to distribute your SPAM and viruses.

    My company has had several infections using the latest unpatched IFRAME vulnerability and the amount of crap loaded/installed on the infected machines was unbelievable: tons of downloader trojans, spyware, adware, browser hijacks, and a handful of backdoors. Not to mention processes which keep restarting once killed.

    It appears to attempt many many different exploits to hack the system. I know this because I put up a Win2K Pro box with patch level up to SP4 only and went to one of the sites to watch what happened. Tons of installs and popups going by and many IP addresses visited (about 30) just by going to one site which is infected with the IFRAME vulnerability.

    It took about 4 hours of work to clean one of these machines and only with determined persistence were we able to be successful.

    I'm currently reviewing our firewall logs to see if any other PCs are infected... doesn't look good as I am finding a good 20 more.

    If you are curious what IPs to look for in your firewall logs, here are the IPs I found during my forensics work **WARNING: THESE IPS ARE CONSIDERED DANGEROUS**...you were warned...


  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    From my understanding, there hasn't been a patch for this IE exploit. I hope people's antivirus will protect their systems from the trojans and viruses that accompany this attack.



    --PuRe

  5. #5
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    Actually, WinXP with SP2 is not vulnerable to the IFRAME exploit.

  6. #6
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    This thread is an indication of how hackers are getting smart. After hacking a web site (getting root), what would an attacker do? A newbie would just deface it, but a pro would try to gain economic advantages from that situation, or at least infect visitors' PCs with a backdoor in order to gain their SSN and other private information like password files or CC information that might be stored there...

    What would one do if he hacks a porn site asking for users' credit card information in order to give them access to the material? Guess.......
    nobody is perfect i am nobody

  7. #7
    oldie ric-o
    Join Date
    Nov 2002
    Posts
    487

    M$ IFRAME Vuln Patched!

    FYI: M$ has responded, 1 week earlier than the monthly patch day, with a patch for the IFRAME vulnerability. YEAH!!!

    Thanks M$.

    mo posted it here: http://www.antionline.com/showthread...hreadid=264294
    Microsoft link here: http://www.microsoft.com/technet/sec.../ms04-040.mspx

  8. #8
    Banned
    Join Date
    Jul 2004
    Posts
    119
    Well, if you haven't read, Microsoft said to ditch IE and go to Mozilla/Firefox. The post is in the forums... sorry, I can't give the exact link. But it's true.

  9. #9
    Banned
    Join Date
    Jul 2004
    Posts
    119
    Addition: seems Microsoft knows open source programs are better, since hackers and the like work on all of the components to provide a better program, since hackers know hackers.

  10. #10
    Banned
    Join Date
    Apr 2004
    Posts
    843
    This thread is an indication of how hackers are getting smart. After hacking a web site (getting root), what would an attacker do? A newbie would just deface it, but a pro would try to gain economic advantages from that situation, or at least infect visitors' PCs with a backdoor in order to gain their SSN and other private information like password files or CC information that might be stored there...

    What would one do if he hacks a porn site asking for users' credit card information in order to give them access to the material? Guess...
    How the hell would you know... you're not "a pro" at anything... you're not even |The|Specialist.
