Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | Random JS rootkit, Threat to webservers, and end users


You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Computers & IT > Security & Virus Discussion
Reload this Page Random JS rootkit, Threat to webservers, and end users
Register FAQ Members List Calendar Mark Forums Read

Random JS rootkit, Threat to webservers, and end users
Reply
 
Thread Tools
Old 15-01-2008, 01:23   #1
cf.mega poster
 
dragon's Avatar
 
Join Date: Jan 2004
Posts: 3,071
dragon has entered a golden reputation era
dragon has entered a golden reputation eradragon has entered a golden reputation eradragon has entered a golden reputation eradragon has entered a golden reputation eradragon has entered a golden reputation eradragon has entered a golden reputation eradragon has entered a golden reputation era
Random JS rootkit, Threat to webservers, and end users
http://www.theregister.co.uk/2008/01...web_infection/

http://www.finjan.com/Pressrelease.a...Lan=1819&lan=3

Having had that thing infect my web server (we had an OSreload done so its not there now) I can say it is a real nasty piece of work, whoever created that thing needs to be locked up for a very long time.


The worrying thing is It can seemingly slip in undetected for the most part and due to the fact it only seems to inject into the site code the first time someone new visits if your not aware of it you probably wouldn't even notice its there for a long time particularly if you happened to have a lot of tabs/sites open at the same time and as it injects the code dynamially as the page is called by apache using randomly generated script it is a Real problem trying to find the cause.

Worth watching out for if your a server admin, but equally worth watching out for if your just someone browsing the web.

Will try to either load an activex (remote data services or some such), a JS expoit or a quicktime exploit among others.
__________________
It's Not a Bug It's a 'Feature'
Last edited by dragon; 15-01-2008 at 01:27.
dragon is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT +1. The time now is 11:32.


Links
Google
 
Web www.cableforum.co.uk

Contact Us - Service Status - Virgin.Net Status - Cable Forum - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.1.0
Copyright © 2003 - 2008, Cable Forum.
(s204569790.onlinehome.info)
Copyright © 2008 Cable Forum | Hosted By 1&1 | Privacy Policy | Terms of Use Message Boards and Forums Directory