SQL injection attacks dominate first half of ‘08, and cross-site scripting (XSS) doesn't even make the list

JULY 17, 2008 | The multiple waves of mass SQL injection attacks this year on Websites -- including many high-profile legitimate ones like Wal-Mart, Business Week, and Ralph Lauren Home -- helped boost Web-borne malware volumes by 278 percent in the first half of this year, according to a new report from ScanSafe.

More than half of the malware detected by the Web security-as-a-service provider came from legit Websites rather than from notoriously scary or sketchy ones. And many of these Web attacks are silent and so tough to detect that many site operators have no clue their sites are lethal, and users often get infected without ever knowing it, according to the report.

Posted by Sean Cannon in Virus & AntiVirus News at 11:42

If you visited www.SFgov.org over the last couple of weeks, better check your computer for infections.

A security vendor, Finjan, reported Wednesday that the city's Web site was one of over 1,000 sites treating visitors to malicious code.

Other sites caught up in this latest round of Web attacks include uci.edu (the University of California at Irvine's site); Snapple.com; a site registered to the Marysville, California's police department; an ad network--atdmt.com--acquired by Microsoft; and several international sites.

Posted by Sean Cannon in Virus & AntiVirus News at 10:40

We know, it's sad but true. Our last weeks super-star, “the worm that does nothing”, has slowly declined it's spread.

We've been following it's evolution, however it seems the last version only has one additional feature: it can update itself to the latest version. It does this by exploiting the adodb.stream vulnerability in Internet Explorer to download a file from several hosts which contain instructions on the location of the new version. Although BitDefender detects this e-threat since January under the name VBS.Worm.Runauto.E it has not changed ever since. Seems like it's development stopped at version 10.0.

Nevertheless, this weeks malware evolution hasn't stopped with our friendly worm. Next we will look at a worm called Win32.Antiman.N. If infected with it, the victim will surely be ridden of a certain genre of music called "manele". It searches the entire hard disk for most "manele" artists and and will delete them. Next it will add a lot of entries to the %windir%system32drivershosts file to block social networking websites, like hi5 and netlog, and many free download websites that provide this genre of music. It will also send itself to the whole Yahoo Messenger list using a set number of strings in Romanian language that state something like: “I found a great new program for winamp (or for pictures).”

Posted by Annette King in Adware, Spyware and Trojans at 15:06

An e-mail informing recipients that they have a package that the United Parcel Service could not deliver is actually a new computer virus, company officials said.

The e-mail that appears to come from UPS contains an attachment that recipients are told to open in order to make arrangements to pick up their shipment, UPS officials said.

The attachment is actually a computer virus, the company said.

Posted by Sean Cannon in Adware, Spyware and Trojans at 11:27