40,000 sites hit by PC-pwning hack attack

More than 40,000 websites worldwide have fallen under the spell of a sneaky piece of attack code that silently tries to install malware on the machines of people who visit them, security experts from Websense have warned. The mass attack has been dubbed Beladen because beladen.net is one of the internet domains used to unleash …

COMMENTS

This topic is closed for new posts.
  1. Chris C

    Bah

    "The mass attack... used to unleash a swarm of exploits that target unpatched vulnerabilities in the Internet Explorer and Firefox browsers and programs such as Apple's QuickTime. ... so far Websense researchers have been unable to identify a common component that is being targeted."

    Who says there is a common component? If the malware uses a variety of methods to infect visitors, doesn't it stand to reason that the authors may use a variety of methods to infect the servers? With so many processes running on a single server (exim, courier, apache, php, perl, mysql, python, ruby, etc), not to mention sites' web apps such as forum software, there are many potential attack vectors. To assume that the malware will use only one attack vector to infect servers is absurd.

    "'It's all that we can assume because there is no common injection amongst all these 40,000' sites, Chenette explained. 'The only other possible explanation is the website owners have basically had their FTP credentials or account credentials compromised.'"

    A third possible explanation is that the hosting providers were compromised. I'm sure others can come up with other possible explanations. To say that there are only two possible explanations shows the intellect and the ignorance of the person making those statements.

    "Mary Landesman, a researcher at ScanSafe, said less than 0.03 percent of its customer base tried to visit a site infected by Beladen in the entire month of May."

    According to that statistic, ScanSafe has a list of all websites infected by Beladen. Perhaps she meant "tried to visit a site known to be infected by Beladen". It's omissions like that which make statistics useless.

  2. Lars Silver badge

    Quite a problem

    "Half of the websites that have email addresses listed don't respond to any security notification,"

    Well "security notification" sounds like spam or something not so secure.

  3. Pierre
    Coat

    As a proud Frenchman,

    Let me be the first to say "Où ça, ma beladen?"

    Pitiful, I know. I'll be going now.

  4. Charles

    @Chris C

    They said there was little in the way of a common link. Think of it this way.

    What if most of those 40K+ websites each used a different web provider? Most of the sites are owned by someone not in connection to any of the others?

    So how do you suppose 40K+ websites, each owned by someone else and hosted by different companies on different servers (supposedly all using different server software) all got compromised in such a short period, each in a seemingly different way? Either it's "typing monkeys" or someone has found a "magic bullet" zero-day vulnerability.

  5. lennie
    Coat

    so linux systems are being hacked I see

    so the apache webserver running on linux has been hacked......I thought linux was supposed to be secure.....

    mine is the one with the windows server disk in the right pocket.

  6. Geoff Mackenzie
    Coat

    @lennie

    "the sites were penetrated by sneaking key-logging programs onto the PCs of people who maintain the sites"

    Also, users running Firefox on Linux seem to be in the clear as usual.

    Mine is the one with Ubuntu on a pen-drive in the right pocket.

  7. phil
    Boffin

    @lennie and geoff

    "the sites were penetrated by sneaking key-logging programs onto the Windows PCs of people who maintain the sites"

    There, fixed that for you in best /. stylee.

    Good luck with your IIS install. We'll be quietly in the background making money while you're on msdn trying to work out how to turn logging on to trace yet another bug.

  8. yossarianuk
    Linux

    @lennie - Linux desktop users do not get infected.

    Generally, if there is a virus on a Linux server it has been put there through a weakness in apache/php, either through poor coding or stupid permissions (chmod 777...).

    Linux desktop users are safe from the virus (as always).

    That's the difference on Linux (at the moment): you don't just click on a website link and become one of the 'infected'. It just doesn't happen.

    The fact that Linux servers are giving viruses to Windows users is in my view poetic justice...

  9. Anonymous Coward
    Anonymous Coward

    @yossarianuk

    You seem to be happy that linux based servers are serving viruses to Windows servers. What a lovely chap you must be. I can't help wondering how you would feel if it were the other way round.

    All this linux can only win by destroying MS stuff is really getting on my tits. Some OSes work better than others at some things, others at different things. It's not a war. Even Apple execs realised this some time ago.

  10. Anonymous Coward
    Coat

    Is it just me...?

    beladen... bin laden ?

    I'm sure wacky Jacqui hasn't missed this obvious threat. The internet needs more regulation, more databases - and ID Cards would have stopped this in its tracks! Damn those wishy washy liberals!

  11. Chris C

    @Charles

    "So how do you suppose 40K+ websites, each owned by someone else and hosted by different companies on different servers (supposedly all using different server software) all got compromised in such a short period, each in a seemingly different way? Either it's "typing monkeys" or someone has found a "magic bullet" zero-day vulnerability."

    First of all, it's extremely unlikely that those 40K+ websites are all using different server software. There are only a few web server packages, and only a handful of scripting languages. To claim that they all use different software is ridiculous. Also, I'd venture a guess that most (if not all) of them are using cPanel. Find a hole in cPanel, and the web is basically yours. I'm not saying that this isn't the result of a keylogger. What I am saying is that that certainly is not the only possible explanation.

    ----------

    To all the Windows vs Linux vs Apple guys:

    For the love of $deity, would you please stop waving your dicks around? You're ALL losers, okay? Can't we have one article about an OS without the volley of "my OS has a bigger dick than yours" comments? Each OS has its strengths and weaknesses. Isn't freedom to choose one of the most important freedoms? As Linus himself has said, use the best tool for the job.

  12. Turgut Kalfaoglu

    Script to find malware

    Run this regularly on your linux server. Adjust mtime to taste:

    # Flag small .htm/.html/.php files changed in the last 144 days that contain
    # the obfuscated-JavaScript marker; -size -100 is in 512-byte blocks.
    find /var/www/vhosts -xdev -depth \( -name "*.htm*" -o -name "*.php" \) \
        -size -100 -mtime -144 \
        -exec grep -l "unescape('function" {} \; | tee /root/has-viruses
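A stand-alone, testable version of the same check, added here as an example and not part of the comment or the article: it takes the web root and a day limit as arguments, uses the marker string quoted in the comment, and builds a constructed demo directory (file names and layout are assumptions) so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. scan_web_root lists small
# .htm/.html/.php files under ROOT changed within DAYS days that contain
# the "unescape('function" marker. Function names are assumptions.
scan_web_root() {
    root="$1"
    days="$2"
    find "$root" -xdev -type f \
        \( -name '*.htm' -o -name '*.html' -o -name '*.php' \) \
        -size -100k -mtime "-$days" \
        -exec grep -lF "unescape('function" {} + 2>/dev/null | sort
}

# Constructed demo web root in a temp dir: one clean page, one freshly
# injected page, and one injected page back-dated to 1 Jan 2000.
make_demo_root() {
    d=$(mktemp -d)
    q="'"
    mkdir -p "$d/site1" "$d/site2"
    printf '<html><body>clean page</body></html>\n' > "$d/site1/index.html"
    printf '<?php echo "hi"; ?>\n<script>eval(unescape(%sfunction%%20x%s))</script>\n' \
        "$q" "$q" > "$d/site2/index.php"
    printf '<html><script>eval(unescape(%sfunction%s))</script></html>\n' \
        "$q" "$q" > "$d/site2/old.htm"
    touch -t 200001010000 "$d/site2/old.htm"   # POSIX -t timestamp
    echo "$d"
}

# Demo run: recent injections only, then everything regardless of age.
demo=$(make_demo_root)
scan_web_root "$demo" 7
scan_web_root "$demo" 20000
rm -rf "$demo"
```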

  13. Jeffrey Nonken
    Unhappy

    @Chris C

    Is that "My dick is bigger than yours" or "I'm a bigger dick than you"? I keep getting those confused.

    O_o

    P.S. Me myself personally, I have systems running variously Windows, Linux, BSD, and OS X (and some of them run more than one). I like 'em all for different reasons. (Or at least find them useful.)

    I've been watching platform wars go on for decades. It gets REAL old after a while.
