
Internet Storm Center sets Threat Level to Yellow

Due to the appearance of exploits targeting the vulnerabilities in Internet Explorer 8 and Internet Explorer 9, Internet Storm Center (http://isc.sans.edu) has raised the Threat Level to Yellow.

You can read their write-up here:

https://isc.sans.edu/forums/diary/Threat+Level+Yellow+Protection+recommendations+regarding+Internet+Explorer+exploits+in+the+wild/16634

As always, update your browsers daily.

You know hackers will be infecting websites with code that will be targeting this vulnerability. This means that if your website is infected, anyone visiting your site while using Internet Explorer 8 or 9 could have their computer infected.

Please post back if you have any questions or comments.

Thank you.

 


FTP Password Stealing Malware

For years now, I’ve been writing about how often websites are infected by hackers stealing their CMS (WordPress, Joomla, etc.), FTP or hosting account login credentials.

I know that some of our competitors roll their eyes whenever we help someone in a forum seeking help with an infected website and we determine that their site was compromised due to stolen login credentials. However, our experience shows this to be a widely used method by today’s cybercriminals.

Here is a link to an article about how this malware works: http://vinsula.com/hunting-down-ftp-password-stealer-malware-with-vinsula-execution-engine/

In the article you’ll see how this malware works. It seeks certain files on your local computer and sends them to the hackers’ CnC (command-and-control) server. You’ll see in that article that it also seeks out certain anti-virus programs and either disables them or reconfigures them.

One other interesting point of this article is how they obtained the malware – via an infected email. You have to be suspicious of all emails. We constantly see one that looks like it’s from LinkedIn, but if you hover over the link to see their profile before accepting their invitation to connect, you’ll see it does not go to www.linkedin.com. This is a very cleverly crafted email designed to infect the unsuspecting recipient.

Please share this with others. The more knowledge shared about how hackers (cybercriminals) work, the better and safer we’ll all be. Have any incidents like this to share? Let me know…

Thank you for reading.