coldtobi's blog

• Main
• Archives
• Albums
• Links
• Admin

• Blog and Website [94]
• DSL RAM [2]
• Electronics and Atmel AVR [11]
• fanctrl [3]
• General [8]
• German [1]
• La Fonera [22]
• Lifetype [17]
• Linux / Debian [33]
• Monetizing A Blog [8]
• my 2 cents [15]
• Netzfunde [18]
• Nice Links [1]
• solarpowerlog [2]
• Thecus N2100 [16]
• Tips and Tricks [18]

• N2M: parallel build dpkg-buildpackage and pdebuild
• Windows CE: Assertion failed in wincore.cpp line 1034
• CakePHP: Baking a Application in Minutes
• Enabling InnoDB support in debian (MySQL)
• Flattr.
• Pollin Net-IO PHP Library
• Link to safe

• RSS 0.90
• RSS 1.0
• RSS 2.0
• Atom

• Privacy Policy
• Disclosure Policy

Admins, check your site!

Today, an hacker group 0wned 11k Servers around (mostly) in Europe. There, ahotspot seem to be in Italy.However, also sites in the US are not imune.

I just read this in the news, and instanstly checked my own sites. No Panic, they're clean. And if defrer using an (not-uptodate-patched) Internet Explorer, you're fine off, too. 

However, as I am interested in computer forensic, I checked the web for details: 

The attackes seemed to started Friday, early in the morning. The seem to utilise a multi-exploit, script-kiddie-ready(tm) hacker kit, called Mpack.  Computerworld writes about the Mpack:

Attackers taint compromised web sites with code that redirects visitors to a server hosting the Mpack kit - a professional, Russian-made collection of exploits that comes complete with a management console to detail which exploits are working, and against what countries' domains.

As an example, the tool is able to expoit the "Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability", for which alone 7 exploits are listed at this site.

As common in these days, the spread viruses and tojans does not directly harm the end user. But they do usual-suspect-activites: Keylogging, Phishing, Spamming etc, etc.

How the bad guys infiltrated the servers is currently quite unkow. It seems that there is either tons of badly configured servers out there, or there is a new unknown exploit at server level. 

The problem is, that some major websites are targeted, so its a easy drive-by infection, if you are not cautionous. And, keep your system updated! If your Virus Scanner is older than a week, update it. Install all patches. Switch to linux. Get 0wned. Your choice.

(Best is, you install firefox right away)