Mass website hack aimed at online gamers


Recommended Posts

15 June 2010, 13:12

Mass website hack aimed at online gamers

According to the latest analysis, the mass web site hacks which have been showing up over the last week are aimed at stealing access credentials for online games. The hackers' most prominent victims serving the malware have been the Wall Street Journal and the Jerusalem Post web sites.

The hacked web servers are all Microsoft Internet Information Server (IIS) and ASP-NET-based, but analysis by a number of security services providers has shown that the attacker has used SQL injection vulnerabilities in custom web applications to hack the websites. Administrators are advised to check their systems for any signs of interference and tampering.

The SQL injection vulnerability allows attackers to write their own HTML and Javascript to the hacked sites content management system's database. Specifically, the attackers embedded code which uploads an exploit for the recently discovered vulnerability in Flash Player into an iFrame. The attackers code then tries to infect the hacked sites visitors' systems with trojans. It appears the attackers objective is to steal access data to Asian gaming websites such as aion.plaync.co.kr, aion.plaync.jp and df.nexon.com. The Flash Player vulnerability has been fixed in version 10.1.

Details - http://www.h-online....rs-1022506.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...