The eagle-eyed harmony guy spotted about an hour ago that some malicious code had been added to the WordPress installation over at TechCrunch Europe.

Web reputation breaks the infection chain

The code redirects to a host which is serving up malicious PDF files. The PDFs are designed to exploit a vulnerability which leads to the download of that Poison Ivy of the criminal underworld, ZeuS.
  
The malicious server is hosted by Netdirect over in Frankfurt, Germany, a provider with a relatively colourful history of their own.
  
The file itself has very low detection rates at present and only serves to underline the need for a security solution that considers the threat as a whole instead of focusing on one aspect of the threat.
  
If you’re using our stuff you’re safe: the redirection to the bad host never happens, so you never see the malicious file.
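The chain described above, worked through as an added example (not code from the post or from Trend Micro): a few constructed proxy log lines are correlated per client to spot a hop off the legitimate site that the site’s own page referred, a PDF served by that host, and the executable that follows, and a reputation check shows where blocking the first hop stops the rest. The log format, hostnames and the reputation list are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log lines for illustration (not real traffic):
# epoch client method url status content-type referer
LOG = """\
1283760000 10.0.0.5 GET http://eu.techcrunch.com/2010/09/06/post/ 200 text/html -
1283760001 10.0.0.5 GET http://bad-host.example/in.php 302 text/html http://eu.techcrunch.com/2010/09/06/post/
1283760002 10.0.0.5 GET http://bad-host.example/x.pdf 200 application/pdf http://eu.techcrunch.com/2010/09/06/post/
1283760004 10.0.0.5 GET http://drop-host.example/l.exe 200 application/x-msdownload -
1283760010 10.0.0.9 GET http://eu.techcrunch.com/about/ 200 text/html -
1283760011 10.0.0.9 GET http://cdn.example.net/logo.png 200 image/png http://eu.techcrunch.com/about/
"""

TRUSTED = {"eu.techcrunch.com"}  # the legitimate (but compromised) site; hostname assumed
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}
WINDOW = 60  # seconds within which the hops of one infection must occur

def parse(log):
    events = []
    for line in log.splitlines():
        ts, client, method, url, status, ctype, referer = line.split()
        events.append({"ts": int(ts), "client": client, "url": url, "ctype": ctype,
                       "host": urlparse(url).hostname,
                       "ref_host": urlparse(referer).hostname if referer != "-" else None})
    return events

def find_chains(events):
    """One record per client that walks the whole chain:
    trusted page -> off-site hop referred by it -> PDF from that host -> executable."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)
    chains = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        hop = pdf = None
        for e in evs:
            if hop is None and e["ref_host"] in TRUSTED and e["host"] not in TRUSTED:
                hop = e                       # the injected redirect fired
            elif hop and pdf is None and e["ctype"] == "application/pdf" \
                    and e["host"] not in TRUSTED and e["ts"] - hop["ts"] <= WINDOW:
                pdf = e                       # exploit document delivered
            elif pdf and e["ctype"] in EXE_TYPES and e["ts"] - hop["ts"] <= WINDOW:
                chains.append({"client": client, "redirect_host": hop["host"],
                               "pdf": pdf["url"], "payload": e["url"]})
                break
    return chains

def blocked_by_reputation(event, bad_hosts):
    """Reputation check at the first off-site hop: a known-bad host is never
    contacted, so neither the PDF nor the payload request ever happens."""
    return event["host"] in bad_hosts
```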
  
The folks at TechCrunch have been made aware and we hope they clean up their WordPress installation soon.
 


This entry was posted on Monday, 6. September 2010 and is filed under "Hacking, malware, Site Compromise".

4 Comments to "TechCrunch Europe hacked"

TechCrunch Europe hacked - Donna's SecurityFlash:
Tuesday, 7. September 2010 at 2:02 am

[...] http://countermeasures.trendmicro.eu/techcrunch-europe-hacked/ Published Tue, Sep 7 2010 2:01 by donna [...]

Jonathan:
Friday, 17. September 2010 at 7:56 pm

Any chance this was a warning shot? Zone Alarm announced the threat zeus.zbot.aoaq today, which key logs banking user names and passwords.

In August the ZeuS bot stole 1 million pounds from 100,000 British online bank customers according to this podcast by ESET: http://www.eset.com/resources/podcasts/081110_ESET_Zeus.mp3

Which also begs the question, was Chase’s online banking hit by ZeuS? They have 16.9 million online banking customers.

No one is talking about it. Just curious.

Rik Ferguson:
Saturday, 18. September 2010 at 9:57 pm

Hi Jonathan,

Zeus or ZBOT is a crimeware toolkit that has been around since 2006 and is probably the most widely used information stealing bot out there today. The announcement by Checkpoint/Zone Alarm was a little disingenuous to say the least. ZeuS, like most other malware, is constantly packed, repacked and re-encoded in order to try and avoid detection by pattern-based security tools; this is simply another of the thousands of variants of this old threat.

I don’t want to downplay the danger that ZeuS poses; it is very nasty and very effective information stealing malware. If you want to get an idea of the scale of the problem, try this excellent white paper from TrendLabs: http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf


© Copyright 2010 Trend Micro Inc. All rights reserved.