Had a little DNS problem with the hosting server a few days ago, that caused my blog not able to apply the CSS on the theme that I’m using.

It’s all fixed now and I’m so sorry for the little discomfort it caused.

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ Threatseeker™ Network has detected that a large compromise of legitimate Web sites is currently taking place around the globe. Thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. The active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which provides statistical services to Web sites.

This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.

Screeenshot of injected code in an injected site:

The exploit site is laden with various attacks. After successful exploitation, a malicious file is run on the exploited computer. The executed malware file has a very low AV detection rate.

Source: Websense

Attack isn’t considered a serious threat

With Windows being the predominant operating system in the world, it’s no surprise that it has the widest number of hacks and attacks aimed at it. As a result, Windows is often considered the least secure operating system by some users.

Windows 7 is out as a beta and the final version is expected sometime this year or early next year. Microsoft has also started to circulate the latest release candidate build of the operating system among developers and testers. Despite the fact that the operating system isn’t officially available yet, a pair of security researchers have already shown a way that a computer running Windows 7 can be completely taken over during the boot process.

Researchers Vipin Kumar and Nitin Kumar have demonstrated proof-of-concept code that the pair developed called VBootkit 2.0. The software injects code into the Windows machine during boot up and allows the complete takeover of the machine and access to all files on the system.

Vipin Kumar said, “There’s no fix for this. It cannot be fixed. It’s a design problem.”

Network World reports that while the attack allows a nefarious user to completely take over a Windows 7 computer, the attack is not a serious threat since it can’t be carried out remotely. A hacker would have to gain direct access to the computer to initiate the hack. The injected software allowing the takeover of the computer would also be erased after a reboot.

However, if the hacker had direct access to the computer, the hack would be very hard to trace. The file size needed to execute the attack is very small at 3KB and makes changes to the Windows files loaded at boot; no files are changed on the computer’s hard drive. This makes the VBootkit 2.0 software very difficult to detect.

The latest version of the software allows the attacker to increase their user privileges up to the system level and they can remove a user’s password giving access to all of the user’s files. Once the attack is complete, the software restores the user’s password to ensure the attack can’t be detected.

Source: Dailytech