-
November 27th, 2004, 11:16 PM
#1
Public Web Services Being Hacked.
We've just witnessed a hacked European ad server infect Internet Explorer users. Thousands, if not millions, of computer systems could have been compromised in one single hack.
In general, crackers have become more and more sophisticated with their attacks and their targets. Could this style of attack become the next big thing?
For years crackers have taken their shot at compromising high-profile web services that have become almost a utility. Just like the light and water, people expect Google, Yahoo, RSS feeds, and every other web service to be there - on demand. These popular web services are some of the most dangerous services if they would ever become compromised. Imagine using your Google toolbar, only for the results to return a webpage with the latest 0-day exploit compromising your OS, or the same exploit being delivered right to your favorite news site via an RSS feed.
I'd been thinking about what the future of our web is going to hold. I started this thread to get some feedback on what's been going on and what we might look forward to. Thanks for your feedback and responses.
--PuRe
-
November 28th, 2004, 12:03 AM
#2
Learn to think like your enemy....
Then it all becomes clear....
You need to abuse what is out there to maximize your impact.... think about what maximizes that impact.... Abuse what will be most effective....
Work from there....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
November 28th, 2004, 04:59 PM
#3
This type of attack where banner ads are infected is exactly what the future is going to look like IMO. Infect sites/machines that are visited by lots of PCs, get them to distribute your malware and boom: tons of zombies to use to distribute your SPAM and viruses.
My company has had several infections using the latest unpatched IFRAME vulnerability and the amount of crap loaded/installed on the infected machines was unbelievable: tons of downloader trojans, spyware, adware, browser hijacks, and a handful of backdoors. Not to mention processes which keep restarting once killed.
It appears to attempt many, many different exploits to hack the system. I know this because I put up a Win2K Pro box with patch level up to SP4 only and went to one of the sites to watch what happened. Tons of installs and popups going by and many IP addresses visited (about 30) just by going to one site which is infected with the IFRAME vulnerability.
It took about 4 hours of work to clean one of these machines and only with determined persistence were we able to be successful.
I'm currently reviewing our firewall logs to see if any other PCs are infected... doesn't look good, as I am finding a good 20 more.
If you are curious what IPs to look for in your firewall logs, here are the IPs I found during my forensics work **WARNING: THESE IPS ARE CONSIDERED DANGEROUS**...you were warned...
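The firewall-log review described in the post above, as an added example that is not part of the original thread: it groups log entries by the source host that contacted a known-bad destination. The log format, the function name `find_suspect_hosts`, the indicator addresses (RFC 5737 documentation ranges) and the sample lines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed indicator list (documentation addresses, not real IoCs).
BAD_DESTINATIONS = {"192.0.2.10", "198.51.100.77", "203.0.113.5"}

# Assumed log format: "<date> <time> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample log, including two lines that must be skipped.
SAMPLE_LOG = """\
2004-11-28 09:14:02 ALLOW src=10.1.4.23 dst=192.0.2.10 dport=80
2004-11-28 09:14:05 ALLOW src=10.1.4.23 dst=198.51.100.77 dport=80
2004-11-28 09:15:40 ALLOW src=10.1.7.8 dst=192.0.2.200 dport=80
2004-11-28 09:20:11 DENY src=10.1.9.50 dst=203.0.113.5 dport=8080
2004-11-28 10:02:33 ALLOW src=10.1.4.23 dst=192.0.2.10 dport=80
garbled line that does not parse
2004-11-28 10:05:00 ALLOW src=10.1.2.3 dst=not-an-ip dport=80
"""

def find_suspect_hosts(log_text, bad=frozenset(BAD_DESTINATIONS)):
    """Return ({src: summary}, skipped_count) for hosts that contacted a bad IP."""
    bad_ips = {ipaddress.ip_address(b) for b in bad}
    hosts, skipped = {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            skipped += 1
            continue
        if dst not in bad_ips:
            continue
        rec = hosts.setdefault(str(src), {"first": m["ts"], "last": m["ts"],
                                          "hits": 0, "allowed": 0, "dsts": set()})
        rec["first"] = min(rec["first"], m["ts"])   # ISO timestamps sort as text
        rec["last"] = max(rec["last"], m["ts"])
        rec["hits"] += 1
        rec["allowed"] += m["action"] == "ALLOW"    # denied attempts still flag the host
        rec["dsts"].add(str(dst))
    return hosts, skipped
```

Hosts with `allowed` above zero actually reached a listed address and are the first candidates for cleanup; a host with only denied hits still attempted the connection and should be checked.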
-
November 28th, 2004, 08:22 PM
#4
From my understanding, there hasn't been a patch for this IE exploit, I hope people's antivirus will protect their systems from the trojans and viruses that accompany this attack.
--PuRe
-
November 29th, 2004, 02:03 AM
#5
Actually, WinXP with SP2 is not vulnerable to the IFRAME exploit.
-
November 29th, 2004, 07:13 AM
#6
Senior Member
This thread is an indication of how hackers are getting smart. After hacking a web site (getting root), what would an attacker do? A newbie would just deface it, but a pro would try to gain economic advantages from that situation, or at least infect visitors' PCs with a backdoor in order to gain their SSN and other private information like password files or CC information that might be stored there...
What would one do if he hacks a porn site asking for users' credit card information in order to give them access to the material? Guess.......
-
December 2nd, 2004, 04:30 AM
#7
M$ IFRAME Vuln Patched!
FYI: M$ has responded, 1 week earlier than monthly patch day, with patch for IFRAME vulnerability. YEAH!!!
Thanks M$.
mo posted it here: http://www.antionline.com/showthread...hreadid=264294
Microsoft link here: http://www.microsoft.com/technet/sec.../ms04-040.mspx
-
December 2nd, 2004, 04:34 AM
#8
Banned
Well, if you haven't read, Microsoft said to ditch IE and go to Mozilla/Firefox. The post is in the forums..... sorry I can't give the exact link. But it's true.
-
December 2nd, 2004, 04:35 AM
#9
Banned
Addition: seems Microsoft knows open source programs are better, since hackers and the like work on all of the components to provide a better program, since hackers know hackers.
-
December 2nd, 2004, 05:11 AM
#10
This thread is an indication of how hackers are getting smart. After hacking a web site (getting root), what would an attacker do? A newbie would just deface it, but a pro would try to gain economic advantages from that situation, or at least infect visitors' PCs with a backdoor in order to gain their SSN and other private information like password files or CC information that might be stored there...
What would one do if he hacks a porn site asking for users' credit card information in order to give them access to the material? Guess...
How the hell would you know... you're not "a pro" at anything... you're not even |The|Specialist.