Articles about Drive-By Download

The Register breaking news

Creditsafe suspends website in wake of drive-by download attack

UK credit reference and credit recovery agency creditsafe.co.uk took its site offline on Tuesday, as a precaution, following a hacking attack. The site remains offline at the time of writing on Wednesday afternoon. Miscreants planted malicious code on Creditsafe Limited's website. This code had the effect of redirecting surfers …
John Leyden, 15 Jun 2011

New script outstrips all other drive-by download risks

A newly-created malicious script has become the source of almost half the drive-by download attacks tracked by one security firm. JSRedir-R accounts for around 43 per cent of all malicious infections found on websites over the last week, according to a study by net security firm Sophos, published on Thursday. The malware crops …
John Leyden, 15 May 2009

jQuery site popped to serve malware slop

The jQuery site served credential-stealing malware to scores of users who visited the website on September 18, researcher James Pleger says. The super-popular JavaScript library was used by 30 percent of websites including 70 percent of the 10,000 most popular sites which may have been compromised by the RIG exploit kit. jQuery …
Darren Pauli, 24 Sep 2014

Latin Best Buy surfers sprayed by drive-by download malware

Hackers have invaded the Best Buy website to plant exploit code targeted at South and central American surfers. The villanos have manipulated the page that allows surfers, visiting the site from Latin America, to select language preferences between either Spanish or English. Beneath layers of concealment, surfers are redirected …
John Leyden, 03 Jul 2009

Browser makers throw up drive-by download barriers

Opera has partnered with Haute Secure in a bid to defend surfers from drive-by download attacks. Haute Secure's technology will be bundled in Opera 9.5, bolstering the Norwegian firm's existing Fraud Protection technology with software designed to block malware downloads from compromised websites. Opera 9.5, codenamed Kestrel, …
John Leyden, 09 Jun 2008

Car makers, space craft manufacturers infected with targeted recon tool

Researcher James Blasco is warning the auto and aerospace industries against engineering software that's been compromised by keystroke-logging and reconnaissance malware. Blasco says an un-named provider of such software was compromised after a staffer visited a watering hole website that was established specifically to lure …
Darren Pauli, 03 Sep 2014

KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION

Victims of the CryptoWall ransomware have been extorted out of at least $1m. Despite a takedown operation in June, CryptoWall continues to be the largest and most destructive ransomware threat on the internet, according to the latest analysis of the threat by security researchers from Dell SecureWorks Counter Threat Unit. …
John Leyden, 29 Aug 2014

Drive-by download attack mows down thousands of websites

Miscreants are exploiting website vulnerabilities to booby-trap thousands of legitimate sites. The mass attack, thought to be the work of hackers based in China, hit between 2,000 and 10,000 Western servers at the end of last week alone, Russian net security firm Kaspersky Labs reports. Most of the hacked sites run Microsoft ASP …
John Leyden, 10 Nov 2008

Tennis sites hit by drive-by download attacks

Two high-profile tennis websites are among scores of victims of a new wave of SQL injection attacks. The websites of game regulators ITF and ATP, the professional players tour, were hit by automated attacks in the run-up to this week's Wimbledon championship. The ITF (International Tennis Foundation) website has since been …
John Leyden, 25 Jun 2008

Drive-by download attacks menace UK.gov

The number of drive-by download attacks has tripled and they are beginning to affect government websites as well as small business operations. Malicious downloads from compromised websites have replaced infected email attachment as the favourite tactic for malware authors. During the first half of 2008, web security firm Sophos …
John Leyden, 23 Jul 2008

Euro 2008 sales site in drive-by download attack

Hackers have successfully planted malware on a website selling tickets for the upcoming Euro 2008 Championships. The site of European ticket re-sale firm euroticketshop.com was infected by Trojan horse malware in a bid to infect soccer-loving surfers with insecure PCs. This drive-by malware style of attack is growing …
John Leyden, 31 Mar 2008

Pirate Bay beset by tainted ads

A hack on ad servers used by the Pirate Bay is exposing visiting surfers to malware. Site vulnerabilities in the ad delivery systems used by the torrent tracking site were exploited to plant malicious scripts, causing sections of the site to be blacklisted and blocked by Google (see here) and various security utilities. …
John Leyden, 14 Sep 2010

Fiendish Internet Explorer 10 zero-day targets US soldiers

Cyberspies have used an unpatched vulnerability in Internet Explorer 10 in an exploit which appears to target US military personnel. Among three high-priority updates in the most recent Patch Tuesday (11 February) was a cumulative fix for Explorer which addressed a whopping two dozen different memory corruption vulnerabilities …
John Leyden, 14 Feb 2014

Skiddies turn Amazon cloud into 'crime-as-a-service' – security bod

Amazon Web Services' share of cloud-hosted malware-slingers has more than doubled in the last six months. That's according to NTT subsidiary Solutionary, which revealed the finding in its Q2 2014 Security Engineering Research Team (SERT) report published on Tuesday. The infosec researchers said that, out of the top ten ISPs and …
Jack Clark, 17 Jul 2014

Apple slams shut TEN code execution holes in QuickTime on Windows

Apple has patched security vulnerabilities in the Windows version of its QuickTime media player that allowed malicious video files to execute arbitrary code. The entertainment goliath said version 7.7.5 of QuickTime will fix 10 serious bugs that can be exploited to crash the software or pull off remote-code execution on Windows …
Shaun Nichols, 28 Feb 2014

Hidden 'Windigo' UNIX ZOMBIES are EVERYWHERE

Hackers using a Trojan seized control of over 25,000 Unix servers worldwide to create a potent spam and malware distribution platform. The attack, dubbed Operation Windigo, was uncovered by security experts at anti-virus firm ESET, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing, as well as …
John Leyden, 18 Mar 2014

Your browser may be up to date: But what about the PLUGINS?

Two in five (39 per cent) of computers submitted for testing to a free browser security test from Qualys were affected by critical vulnerabilities, mostly related to browser plug-ins. The findings, based on 1.4 million BrowserCheck computer scans, paint a picture of e-commerce buyers left wide open to attacks by cybercriminals …
John Leyden, 02 Dec 2013

PHP.net resets passwords after malware-flinging HACK FLAP

The team behind popular web programming site PHP.net is in the process of restoring services and tightening security in the aftermath of a hack that exposed visitors to JavaScript-based exploits. Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were …
John Leyden, 25 Oct 2013

Beware the ad-punting crapware-laden Firefox, warn infosec bods

Internet users looking for a US Green Card are at risk of being conned by a fake advert into installing an adware-laden version of Firefox, security researchers have warned. The ruse was spotted over the weekend after it began appearing in online ads peddling supposed US Green Card lotteries. Regardless of what make or version …
John Leyden, 13 Aug 2013

Drive-by download menace spreading fast

Booby-trapped web pages are growing at an alarming rate with unsuspecting firms acting as nurseries for botnet farmers, according to a new study. Security watchers at Sophos are discovering 6,000 new infected webpages every day, the equivalent of one every 14 seconds. Four in five (83 per cent) of these webpages actually belong …
John Leyden, 23 Jan 2008

Facebook app flaws create Trojan download risk

Grey-hat hacker Unu has discovered cross-site scripting vulnerabilities involving Facebook applications, of a type that might be used to distribute Trojan horse malware or launch other hacking attacks. The Romanian hacker - well known for identifying security flaws in the websites of banks, security firms and the UK parliament …
John Leyden, 21 Sep 2009

Stale Blackhole leads to dried-up spam, claim badhat-probers

Security researchers at Trend Micro reckon that Blackhole, cybercrooks' preferred tool for running drive-by download attacks from compromised websites, is no longer being updated. This means the utility - which was available for rent at around $50 a day - has quickly gone stale. Nature abhors a vacuum, though, and malware- …
John Leyden, 12 Nov 2013

Facebook coughs up $33.5k... its BIGGEST bug bounty EVER

Facebook has awarded its highest bug bounty to date after the discovery of a vuln which could have been used to spray Facebookers with drive-by download-style malware exploits. Brazilian web security researcher Reginaldo Silva earned $33,500 for giving the social network a heads-up about an XML external entity vulnerability …
John Leyden, 24 Jan 2014

Mass compromise powers massive drive-by download attack

More than 10,000 web pages have been booby trapped with malware in one of the largest attacks of its kind to date. Compromised web pages include travel sites, government websites, and hobbyist sites that have been modified with JavaScript code that silently redirects visitors to a site in China under the control of hackers. …
John Leyden, 13 Mar 2008

Drive-by download attack compromises 500K websites

More than half a million web pages have been compromised with malware as part of a new attack, Trend Micro warns. Badly configured PHP bulletin board applications are being used to plant malicious JavaScript on web forums. The JavaScript is used to push variants of the Zlob Trojan that come disguised as a video codec installer …
John Leyden, 13 May 2008

Unpatched RealPlayer bug paves way for drive-by downloads

An unpatched bug in RealPlayer leaves the media player open to drive-by-download attacks, which hackers use to trick prospective marks into visiting maliciously constructed websites. The vulnerability stems from coding errors in a RealPlayer ActiveX control (rmoc3260.dll), which enables content to be played within a user's …
John Leyden, 12 Mar 2008

Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too

Russian-speaking virus writers have brewed up a stealthy strain of banking Trojan that communicates over peer-to-peer networks using an encrypted darknet protocol that's arguably even stealthier than TOR: I2P. The i2Ninja malware offers a similar set of capabilities to other major financial malware such as ZeuS and SpyEye – …
John Leyden, 21 Nov 2013

Moscow cops cuff suspect in Blackhole crimeware bust

The infamous Blackhole Exploit Kit has gone dark following the reported arrest in Russia of a suspect whom police believe is linked to the malware. Blackhole has been the preferred tool for running drive-by download attacks and therefore a menace to internet hygiene for the last three years. A suspect linked to Blackhole was …
John Leyden, 10 Oct 2013

Internet Explorer bug patched only a week ago now being exploited

Hackers have latched onto a vulnerability in Internet Explorer patched by Microsoft last week as a useful way to spread malware. The vulnerability is CVE-2012-1875 – which was patched in MS12-037 as part of the June edition of Microsoft's Patch Tuesday – and it is being exploited in the wild. Attacks are typically delivered by …
John Leyden, 19 Jun 2012

Java updates too much of a bother? Maybe online banking's just not for you

Security researchers have spotted a surge in attacks against online banking customers, thanks to a new strain of Java-exploiting Trojan Caphaw (aka Shylock). Over the last month or so the malware has targeted customers in at least 24 financial institutions, including Bank of Scotland, Barclays Bank, First Direct, Santander …
John Leyden, 23 Sep 2013

Get up, shake off the hangover: These 57 Microsoft holes won't fix themselves

A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities. Five of these bulletins reveal critical holes in the software giant's products: one bulletin (MS13-009) covers 13 bugs found in Internet Explorer, while another (MS13-016) tackles a privilege-escalation …
John Leyden, 13 Feb 2013

Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE

The recent volatility in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers. Security researchers at ThreatTrack Security have uncovered examples where the infamous Blackhole exploit kit is being used to distribute a …
John Leyden, 18 Apr 2013

Evildoers can now turn all sites on a Linux server into silent hell-pits

An advanced Linux malware strain can automatically hijack websites hosted on compromised servers to attack web surfers with drive-by-downloads. The software nasty targets machines running 64-bit GNU/Linux and a web server, and acts like a rootkit by hiding itself from administrators. A browser fetching a website served by the …
John Leyden, 21 Nov 2012

Blackhole 2: Crimeware kit gets stealthier, Windows 8 support

Cybercrooks have unveiled a new version of the Blackhole exploit kit. Version 2 of Blackhole is expressly designed to better avoid security defences. Support for Windows 8 and mobile devices is another key feature, a sign of the changing target platforms for malware-based cyberscams. The release also includes a spruced-up user …
John Leyden, 13 Sep 2012

'Neverquest' bank-robber 'ware throws the whole Trick Book at victims

A new banking trojan that its creators brag can attack “any bank in any country” has already been blamed for several thousand attempts to infect computers. The Neverquest banking trojan supports almost every trick used to bypass online banking security systems, including web injection, remote system access and social engineering …
John Leyden, 29 Nov 2013

Stolen CREDIT CARD details? Nah... crooks desire your PRIVATES

Prices on underground cybercrime marketplaces are dropping, with credit card details now in less demand than the personal data of individuals, according to a new study. And even personal details and bank account credentials are getting cheaper to buy on underground hacker markets, according to a study by Dell SecureWorks’ …
John Leyden, 22 Nov 2013

US military access cards cracked by Chinese hackers

A new strain of the Sykipot Trojan is being used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers. Smart cards are a standard means of granting active duty military staff, selected reserve personnel, …
John Leyden, 13 Jan 2012

Cyberspies send ZOMBIES to steal DRUGS from medical research firms

Cyber-espionage crews have been targeting the lucrative medical and life science industries using custom malware and spear-phishing, according to new research. According to a current US counterintelligence report which it delivered to US Congress, healthcare services and medical equipment are expected to be two of the five …
John Leyden, 21 Mar 2013

Microsoft to slap 9 patches on Windows junkies on Tuesday

Microsoft is lining up nine patches - two critical - as part of the April edition of its regular Patch Tuesday update cycle. The nine bulletins due on 9 April affect all versions of Windows, some Office and Server components as well as Windows Defender on Windows 8 and RT. The first of the two critical updates covers all …
John Leyden, 05 Apr 2013

Unpatched web vulns turn internet into drive-by warzone

The compromise of corporate websites with malicious code and browser exploits became the preferred method for distributing malware last year, according to the annual security report from IBM's ISS security tools division. Cybercriminals are turning businesses against their own customers in the ongoing effort to steal data, the X …
John Leyden, 03 Feb 2009

Amnesty International UK site flung Gh0st RAT at surfers after hack

Amnesty International UK's website was hacked early this week in an assault ultimately geared towards planting malware onto the PCs of visiting surfers. Malicious Java code was planted on the site in a bid to push the Gh0st RAT Trojan onto vulnerable Windows machines. If successful, the attack plants malware onto machines that …
John Leyden, 11 May 2012

Patch Tuesday: And EVERY version of IE needs fixing AGAIN

June's Black Tuesday patch update from Microsoft has rolled into town with five bulletins, including a solitary critical update that tackles flaws in all supported versions of Internet Explorer. The IE update (MS13-047) grapples with 19 vulnerabilities and covers all versions of IE, from IE6 to IE10, on all supported versions of …
John Leyden, 12 Jun 2013

Firefox and Opera squish big buffer overflow bugs

It's time to update alternative browser software again, with new releases of Firefox and Opera out this week. Firefox 17, released Tuesday, features improved support for social networking functions, such as Facebook Messenger, as well as new features to prevent blacklisted extensions from running without user permission. Support …
John Leyden, 22 Nov 2012

Paris Hilton website violated by Trojan-spreaders

Virus authors reportedly planted malicious code on Paris Hilton's website late last week. Following the attack, surfers visiting the ParisHilton.com site were prompted to install an "update" via a dialogue box. Whether they accepted this update or decided to "cancel" it, a download of a malicious executable was initiated, …
John Leyden, 13 Jan 2009

Flash cache exploit debuts in Amnesty attack

Miscreants have deployed a subtle variant of the well established drive-by-download attack tactics against the website of human rights organisation Amnesty International. In traditional drive-by-download attacks malicious code is planted on websites. This code redirects surfers to an exploit site, which relies on browser …
John Leyden, 19 Apr 2011

Adobe Reader 0-day exploit surfaces on underground bazaars

Miscreants have reportedly discovered a zero-day vulnerability in the latest version of Adobe Reader. Exploits based on the vulnerability, which circumvents sandbox protection technology incorporated into Adobe X and Adobe XI, are on sale in underground forums. Pricing starts at a hefty $30,000 but the exploit has already made its …
John Leyden, 08 Nov 2012

Cyber crims smash through Windows into the great beyond

Windows has been a beleaguered piece of software over the years. That is because malicious hackers, like everyone else, want to walk the simplest path to the greatest glory. Microsoft’s operating system has been the most popular one for the past 20 years, so it has attracted the most malware. One IT professional told The …
Tom Brewster, 29 May 2014

Adobe muzzles TWO zero-day wild things with emergency Flash patches

Adobe published a critical Flash Player update on Thursday that fixes not just one but two zero-day flaws, both under active attack by hackers. Both Windows and Mac users are in the firing line. One of the vulnerabilities (CVE-2013-0633) is being harnessed in targeted attacks designed to trick marks into opening a Microsoft Word …
John Leyden, 08 Feb 2013

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013

Microsoft Santa gifts you with 5 critical fixes in Xmas Patch Tuesday

December's Patch Tuesday brought seven bulletins from Microsoft, five of which cover critical security vulnerabilities. A critical update for MS Word (MS12-079) is rated by security watchers as the most important of the batch. A flaw in Rich Text Format (RTF) processing poses a severe risk because Microsoft Outlook automatically …
John Leyden, 12 Dec 2012