Peaches Posted June 16, 2010 Report Share Posted June 16, 2010 15 June 2010, 13:12 Mass website hack aimed at online gamers According to the latest analysis, the mass web site hacks which have been showing up over the last week are aimed at stealing access credentials for online games. The hackers' most prominent victims serving the malware have been the Wall Street Journal and the Jerusalem Post web sites. The hacked web servers are all Microsoft Internet Information Server (IIS) and ASP-NET-based, but analysis by a number of security services providers has shown that the attacker has used SQL injection vulnerabilities in custom web applications to hack the websites. Administrators are advised to check their systems for any signs of interference and tampering. The SQL injection vulnerability allows attackers to write their own HTML and Javascript to the hacked sites content management system's database. Specifically, the attackers embedded code which uploads an exploit for the recently discovered vulnerability in Flash Player into an iFrame. The attackers code then tries to infect the hacked sites visitors' systems with trojans. It appears the attackers objective is to steal access data to Asian gaming websites such as aion.plaync.co.kr, aion.plaync.jp and df.nexon.com. The Flash Player vulnerability has been fixed in version 10.1. Details - http://www.h-online....rs-1022506.html Quote Link to post Share on other sites
Peaches Posted June 16, 2010 Author Report Share Posted June 16, 2010 ~ bump ~ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.