Professional hackers at large

Published September 25, 2007 by Me

A group of hackers using a commercial hacking program (MPack) is on the loose and causing considerable concern among website owners and hosting companies.

They are accessing multiple web sites and adding code directly to the main index pages. The added code closes the browser window and brings up a pop-up window advising the user that they have virus / spyware / porno files on their computer and need to download and run a cleaner (typically DiskCleaner or WinCleaner).

If the unsuspecting user accepts the download, they actually get a keystroke logger installed, and away goes such info as bank details, passwords, etc. It also installs a cookie which returns them to the hacker’s site at random intervals to get infected again.

The MPack software is clever – it is being sold on Russian forums at $1000 a go with a year’s support, and is being updated almost monthly to exploit new vulnerabilities in various browsers and other software.

The hackers are also testing the passwords they gather to see if the same password is good for root, control panel or mail access.

Several high-profile web sites have been affected, including a USA Consulate Office web site, the Sydney Opera House, the Chinese Internet Security Response Team web site (www.cisrt.org), and the Bank of India, which had to close its web site down for a week while the offending code was cleaned out.

Suggestions:

1) Check your web site(s) for a new piece of code, particularly directly under the <body> tag, or some Java code at the foot of the pages, and if it’s there remove it immediately.

2) Make sure that you use a different, intricate password for each part of your site(s): separate ones for FTP, root, control panels, mail, etc.
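One way to run the check in suggestion 1 across a whole document root, as an added example that is not part of the original post. It assumes the added code shows up as an `<iframe>` or `<script>` tag directly under `<body>` or after the closing `</body>`/`</html>` tag; the function names and the sample page are constructed for illustration.

```python
import os
import re
import sys

# Heuristic: treat <iframe> and <script> as candidate injected tags (an
# assumption; the post only says "a new piece of code").
SUSPECT = r"(?:iframe|script)"
# A candidate tag that is the very first thing after the opening <body> tag.
AFTER_BODY = re.compile(r"<body\b[^>]*>\s*(<" + SUSPECT + r"\b[^>]*>)", re.I)
# Everything that follows the first closing </body> or </html> tag.
AFTER_END = re.compile(r"</(?:body|html)\s*>(.*)", re.I | re.S)
TAG = re.compile(r"<" + SUSPECT + r"\b[^>]*>", re.I)

def scan_html(html):
    """Return (location, tag) pairs that deserve a manual look."""
    findings = []
    m = AFTER_BODY.search(html)
    if m:
        findings.append(("directly under <body>", m.group(1)))
    m = AFTER_END.search(html)
    if m:
        findings += [("after closing tag", t) for t in TAG.findall(m.group(1))]
    return findings

def scan_tree(root, exts=(".html", ".htm", ".php")):
    """Scan every page under root; return {path: findings} for flagged files."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_html(fh.read())
                if found:
                    flagged[path] = found
    return flagged

# Constructed sample page, not taken from a real incident.
SAMPLE = ('<html><body>\n<iframe src="http://example.invalid/" width=0 height=0>'
          '</iframe><h1>Welcome</h1></body></html>\n<script>var a=1;</script>')

if __name__ == "__main__":
    pages = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": scan_html(SAMPLE)}
    for path, found in pages.items():
        for location, tag in found:
            print(f"{path}: {location}: {tag}")
```

A hit is a prompt to compare the page against a known-good copy, not proof of tampering: a site's own script placed first under `<body>` is flagged too.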

We have also heard of at least two hosting companies or server suppliers who have had their customer support software hacked, compromising customer login and password details – an ideal route for the hackers to gain access to thousands of web sites to add their code.

This isn’t a new threat, but it is suddenly picking up speed – the added code is even being picked up by search engine bots.

When did YOU last change your passwords?

Filed under Hackers, iframe, security
