New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online.
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!

· Ian T's (AR 20)
· Marcia's (QA2)
· Bill G's (CO8)
· Paul's (AR 5)

· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· Recommend Us
· RegChat
· Reviews
· Search (Topics)
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?

$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 369
Comments: 9
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
image Web Hosts: Security HeadLines: Security Breach at Web Host Leaves Sites at Risk image
Web Hosts
Security Breach at Web Host Leaves Sites at Risk
By JAIKUMAR VIJAYAN
SEPTEMBER 08, 2003

An administrative error at Web hosting provider Interland Inc. may have caused thousands of hosted sites to become infected with malicious code.

Visitors to those infected Interland-hosted sites were in turn vulnerable to having their systems compromised by code that could allow them to be turned into proxy servers, a security expert said last week.

Atlanta-based Interland manages over 7,000 servers and hosts more than 250,000 Web sites for predominantly small and medium-size businesses. Jeff Reich, director of security at Interland, last week confirmed that a security breach caused disruptions in service for many of the hosted sites during the last week of August.

Reich said the security breach resulted in malicious HTML code being injected into the footers that appear at the bottom of Web pages hosted on Interland's servers. The code prevented infected Web pages from loading properly, causing some sites to become unavailable.

The company learned of the problem on Aug. 28 when customers called to complain of service disruptions, according to Reich. What started as a small-scale problem quickly became a large-scale event, he said, declining to specify how many sites may have been affected. He said he believes that by Sept. 4, the problem was no longer affecting customers.

I can definitely say it was an administrative error that allowed this to occur, Reich said, without elaborating. From a customer perspective, we don't see this as being caused by any inherent problem with the products or services Interland uses, he added.

We had problems with the Web site, said Tony Johnson, webmaster at Trinidadexpress.com, an online newspaper hosted by Interland that covers Trinidad and Tobago and is based in Port of Spain. We've had our servers at Interland needing rebooting manually due to their inaccessibility through Microsoft Corp.'s Windows Terminal Server, Johnson said in an e-mail. Although Interland posted information about some sites experiencing problems, it hasn't explained what might have caused them, he added.

As many as 5,000 sites per day may have been infected before Interland had a chance to fix the problem, said Joe Stewart, a senior security researcher at Lurhq Corp., a managed security services provider in Chicago. Lurhq began tracking the problem Aug. 28 when it began noticing traffic on newslists about service disruptions for sites being hosted by Interland.

According to Stewart, the HTML code that was appended to the footers contained instructions that would cause an executable program to be downloaded from another location to vulnerable systems belonging to those who visited the infected sites. The code took advantage of a flaw, disclosed on Aug. 20, in several versions of Microsoft's Internet Explorer browser [QuickLink a3620].

Once installed on a victim's system, the program would then proceed to download a proxy server onto it, Stewart said. The proxy server allowed hackers to hide behind innocent third parties when engaging in illegal activities such as identity theft, he said.

The owner of the site from which the executable program was downloaded had a Ukrainian address and runs a site that trades stolen credit card information, Stewart said.

In addition, the Houston-based location from which the proxy server is downloaded has been associated with a Trojan horse program known as MigMaf, Stewart added. MigMaf enables infected systems to retrieve porn ads from adult sites.

Hosting companies get defaced all the time. This time, it appears Interland got defaced with malicious code, Stewart said.

Reich said that the company had heard anecdotes about users being redirected to sites that downloaded malicious code, as described by Stewart. But no actual instances have been reported to the company, he said.


CW
Posted on Tuesday, 09 September 2003 @ 05:00:00 EDT by phoenix22
image

 
Login
Nickname

Password

· New User? ·
Click here to create a registered account.
image
Related Links
· TrackBack (0)
· Microsoft
· Microsoft
· HotScripts
· Linux Manuals
· W3 Consortium
· HTML Standard
· More about Web Hosts
· News by phoenix22


Most read story about Web Hosts:
Security Breach at Web Host Leaves Sites at Risk

image
Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent


image
Options

Printer Friendly Page  Printer Friendly Page

Send to a Friend  Send to a Friend
image
"Login" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register