As a company working in website security, we frequently come across research from other organizations, and we like to bring it to your attention so you can learn more about the cybercriminals who want to infect your website with malware for their own ends.
In research published by Incapsula (http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html), a website in Alexa's Top 50 was found to be serving code that turned its visitors' browsers into a tool for launching DDoS (Distributed Denial of Service) attacks on other websites.
As usual, you might ask, “Tom, why is this website security news important to me?”
It's important that you learn why hackers want your website, and why website malware is so prevalent. Yes, even if your site is a small blog that only covers events in your local community: hackers can put any website to work in their money-making schemes.
The Incapsula post describes an attack “…which flooded our client with over 20 million GET requests originating from the browsers of over 22,000 Internet users.”
The report, which gets a little technical, also mentions that the attack code kept a tally of what it was doing, in a way that appears to serve billing purposes. That is yet another income stream for cybercriminals: the hackers may be offering this as a service for which they charge a fee.
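To make that quote concrete for a site owner reading their own logs, here is an added Python example (not from the Incapsula report or this blog) that scans a few constructed access-log lines and reports any (Referer, URL) pair that many distinct client IPs request in quick succession. Traffic generated by script injected into a popular page arrives from thousands of ordinary browsers rather than a handful of bots, so a per-IP rate limit never trips; grouping on the Referer those browsers send is this example's assumption about how to spot it, not a detail taken from the report. The log lines, IP addresses and hostnames are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Combined Log Format (Apache/nginx default); not real
# traffic. The first six lines imitate visitors of a compromised page whose
# browsers all request the same URL here, each carrying that page as Referer.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Apr/2014:12:00:01 +0000] "GET /video/1234 HTTP/1.1" 200 512 "http://compromised-site.invalid/profile/attacker" "Mozilla/5.0"
203.0.113.11 - - [10/Apr/2014:12:00:01 +0000] "GET /video/1234 HTTP/1.1" 200 512 "http://compromised-site.invalid/profile/attacker" "Mozilla/5.0"
203.0.113.12 - - [10/Apr/2014:12:00:02 +0000] "GET /video/1234 HTTP/1.1" 200 512 "http://compromised-site.invalid/profile/attacker" "Mozilla/5.0"
203.0.113.13 - - [10/Apr/2014:12:00:02 +0000] "GET /video/1234 HTTP/1.1" 200 512 "http://compromised-site.invalid/profile/attacker" "Mozilla/5.0"
203.0.113.14 - - [10/Apr/2014:12:00:03 +0000] "GET /video/1234 HTTP/1.1" 200 512 "http://compromised-site.invalid/profile/attacker" "Mozilla/5.0"
203.0.113.15 - - [10/Apr/2014:12:00:03 +0000] "GET /video/1234 HTTP/1.1" 200 512 "http://compromised-site.invalid/profile/attacker" "Mozilla/5.0"
198.51.100.5 - - [10/Apr/2014:12:00:02 +0000] "GET /about HTTP/1.1" 200 2048 "http://search.invalid/" "Mozilla/5.0"
198.51.100.6 - - [10/Apr/2014:12:00:04 +0000] "GET /about HTTP/1.1" 200 2048 "http://search.invalid/" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2014:12:00:05 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# client ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_referer_floods(log_text, min_requests=4, min_distinct_ips=3):
    """Group GET requests by (Referer, path) and report groups that many
    different clients hit in lock-step. One bot retrying shows up as one IP;
    injected script running in thousands of visitors' browsers shows up as
    many IPs sharing the same Referer and target (the assumption here)."""
    groups = defaultdict(lambda: {"ips": set(), "count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or rec["referer"] in ("", "-"):
            continue
        g = groups[(rec["referer"], rec["path"])]
        g["count"] += 1
        g["ips"].add(rec["ip"])
        g["first"] = rec["ts"] if g["first"] is None else min(g["first"], rec["ts"])
        g["last"] = rec["ts"] if g["last"] is None else max(g["last"], rec["ts"])

    findings = []
    for (referer, path), g in groups.items():
        if g["count"] >= min_requests and len(g["ips"]) >= min_distinct_ips:
            # Avoid division by zero when every hit lands in the same second.
            seconds = max((g["last"] - g["first"]).total_seconds(), 1.0)
            findings.append({
                "referer": referer,
                "path": path,
                "requests": g["count"],
                "distinct_ips": len(g["ips"]),
                "req_per_sec": g["count"] / seconds,
            })
    findings.sort(key=lambda f: (-f["requests"], f["referer"]))
    return findings


if __name__ == "__main__":
    for f in find_referer_floods(SAMPLE_LOG):
        print("%(requests)d GETs for %(path)s from %(distinct_ips)d IPs, "
              "%(req_per_sec).1f/s, Referer %(referer)s" % f)
```

On the sample the two /about hits from a search engine and the direct request with no Referer stay below the thresholds; only the six lock-step requests for /video/1234 are reported. On a real server the thresholds need to be much higher, and the Referer value the report produces is what you would hand to the compromised site's owner.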
If you have questions about this, please ask in the comment section.
For years now, I've been writing about how often websites are infected because hackers have stolen the owner's CMS (WordPress, Joomla, etc.), FTP or hosting account login credentials.
I know that some of our competitors roll their eyes whenever we help someone in a forum with an infected website and determine that the site was compromised through stolen login credentials. However, our experience shows this to be a widely used method among today's cybercriminals.
Here is a link to an article describing how this malware works: http://vinsula.com/hunting-down-ftp-password-stealer-malware-with-vinsula-execution-engine/
The article walks through what the malware does: it searches for certain files on your local computer and sends them to the hackers' C&C (command-and-control) server. You'll also see that it looks for certain anti-virus programs and either disables or reconfigures them.
One other interesting point in the article is how they obtained the malware sample: via an infected email. You have to be suspicious of all emails. We constantly see one that looks like it's from LinkedIn, but if you hover over the link to view the sender's profile before accepting the invitation to connect, you'll see it does not go to www.linkedin.com. It is a very cleverly crafted email designed to infect the unsuspecting recipient.
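The hover check above can be automated. The following added Python example (not from the article or this blog) walks the links in an HTML email body and flags two things: a link whose visible text shows one site while its href goes to another, and a look-alike host that contains the brand name but is not that brand's domain or a subdomain of it. The email body, hostnames and IP address are constructed for the example, and "linkedin.com" is passed in as the domain the mail claims to come from.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body imitating a fake "connection request" mail. The hosts
# are reserved .invalid / documentation addresses, not real phishing sites.
SAMPLE_EMAIL = """
<p>Jane Doe would like to connect with you.</p>
<a href="http://linkedin.com.invitation-check.invalid/accept">View profile</a>
<a href="http://198.51.100.7/x">www.linkedin.com/in/jane-doe</a>
<a href="https://www.linkedin.com/in/jane-doe">www.linkedin.com/in/jane-doe</a>
<a href="https://www.linkedin.com/help">Help</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL; bare text like 'www.x.com/path' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def same_site(host, expected):
    """True only for the expected domain or a real subdomain of it. A look-alike
    such as linkedin.com.evil.invalid starts with the brand but does not end with it."""
    return host == expected or host.endswith("." + expected)


# Visible link text that itself looks like a URL or hostname.
URL_LIKE_TEXT = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def suspicious_links(html, brand_host):
    """Return the links whose destination contradicts what the mail shows the reader.
    brand_host is the domain the mail claims to come from, e.g. 'linkedin.com'."""
    parser = LinkCollector()
    parser.feed(html)
    brand_label = brand_host.split(".")[0]
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        reasons = []
        # 1. The hover check: the text displays one site, the href goes elsewhere.
        if URL_LIKE_TEXT.match(text) and not same_site(real, host_of(text)):
            reasons.append("text shows %s but link goes to %s" % (host_of(text), real))
        # 2. A host that borrows the brand name without being the brand's domain.
        if brand_label in real and not same_site(real, brand_host):
            reasons.append("host %s imitates %s" % (real, brand_host))
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_EMAIL, "linkedin.com"):
        print(f["href"], "->", "; ".join(f["reasons"]))
```

The two genuine www.linkedin.com links pass both checks; the first link is caught as a look-alike host and the second because its visible text and its real destination disagree, which is exactly what hovering over it would reveal.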
Please share this with others. The more knowledge is shared about how hackers (cybercriminals) work, the better and safer we'll all be. Have any incidents like this to share? Let me know…
Thank you for reading.