Cyberspace was so busy churning out facts yesterday that our Handler on Duty, Donald Smith furiously posted diary entries to keep you informed. So, I thought I would take a moment to summarize the events of April 22 and further elaborate on the situation.
So there you have it, new spam, Google agenda, social networking css and a bot. Another day in the life… But, all that was all so yesterday, today we have several situations arousing attention from our readers. First off today, Heather wrote in to tell us about US Cert releasing an advisory yesterday afternoon concerning a malicious website injecting javascript which infected many UK and a UN site. Websense alerted about it here. They analyzed the malware and concluded that it is related to our story by Bojan. We recommended mitigations for the situation here. Then, Andrew from Vancouver wrote in to tell us about his experience with a Wordpress Blog infection that let spammers insert hidden text into the Wordpress (several versions) powered sites. While not widespread, the technique is interesting and should allow us the opportunity to discuss these methods of attack. Further information is revealed on a Tech Side Up blog. Another reader sent in an old “download this” scam which has seemed to have migrated itself to a Skype chat. The following information is used to get the user to click on the included link which downloads the Downloader Trojan. Your AV should catch the download of this old nasty, but the new delivery vector should be added to the warnings to users through your security awareness programs.
"[4:09:40 PM] Software Update ® says: WINDOWS REQUIRES IMMEDIATE ATTENTION That sums it up! With all this activity, let us know what you are seeing out there. Fair winds,
Mari |
Mari Nichols 76 Posts Apr 23rd 2008 |
Thread locked Subscribe |
Apr 23rd 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!