
virus alert - vendors and consumers read.

Status
Not open for further replies. Please create a new topic or request for this thread to be opened.

strmrdr

Super_Ideal_Rock
Joined
Nov 1, 2003
Messages
23,295
There is a new worm going around infecting websites then it infects client computers connecting to those websites.
Then it tries to infect every website an infected computer visits.
Some of the majors have been hit.
Update your anti-virus and antispyware several times over the next couple days.
Webmasters watch your servers for unusual activity.
As of right now the AV companies are trying to get a handle on it.
If I get more information I will post it.

I expect this one will hit the news over the next couple days.
This could be the next Code Red/Slammer.
 
Thanks for the heads up Strm.
 
Thanks for the warning
 
Thanks for the warning, heading off to update all of our computers
 
Thanks for the heads up Storm.
 
Thanks
 
Thanks Storm!

 
I heard about this a couple of days ago through our IT person.

Here is the email we received, if you do the search they mention in the article you'll see the sites that are already infected like: morrellwinebar . com / wiredseniors . com / seniorstravelguide . com / aeswave . com - DO NOT VISIT THESE SITES!


Security researchers at the Shadowserver Foundation have discovered another round of SQL injection attacks, this one affecting more than 4,000 web pages that are based on Microsoft's ASP and .NET technologies.

"This time, the domain name 'winzipices.Cn' is in the spotlight," Steven Adair, one of Shadowserver's global base of security volunteers, wrote in a blog post. "It has managed to find itself in the source of over 4,000 pages, according to Google."


Although the unknown attackers are using many of the same techniques involved in earlier SQL injection attacks, the malware and malicious file trail they are relying on in this case differ from earlier attacks, Adair said. In each case, however, they rely on iFrames to redirect infected website visitors to other pages.


Previous SQL injection attacks uncovered by Shadowserver installed a piece of malware that can steal passwords from systems running Microsoft's Internet Explorer, Adair said. The malware associated with the new attacks "appears to be part of a kit we have seen in the Chinese malware family for some time now."


Once installed, the new malware downloads a configuration file with several commands that instruct the infected system what to do next. In this case, it downloads yet another file and reports to another URL.


The malware is also capable of address resolution protocol (ARP) spoofing and injecting malicious code into web pages of other users in the infected system's local network, Adair added. ARP snooping can allow an attacker to examine data frames on an Ethernet LAN that can result in a denial of service attack.


"The iFrames [in this attack] are all pointing to 'bulletproof' machines in China," John Bambenek, an incident handler with the SANS Internet Storm Center and a research programmer at the University of Illinois, told SCMagazineUS.com Wednesday. "The iFrames don't seem to be redirecting the user in an overt way, just trying to silently slip malware in using exploits we've known about for months."


"It looks like [the attackers] are just accumulating machines for a botnet," Bambenek added. "The malware isn't particularly interesting, your run-of-the-mill stuff. One interesting feature is that it will spoof web traffic on the LAN to try to inject malware on neighboring machines."

IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages). Doing so could infect your PC with malware. (TG007 will not be held liable if you visit the site. If you do, it will be at your own risk).

To see if your site has been hit, run the following Google search: "site:your company domain (ex. tg007.net) winzipices.cn (Do NOT visit site)." Or search for that domain within your Web site HTML code. If you find anything, let your IT know immediately. When I ran a search just now I saw sites for everything from insurance companies to cemeteries to universities that all appear to have been infected.


The worm uses a SQL Injection attack, according to the ISC, but it doesn't yet know just what vulnerability is targeted. The attack highlights the importance of keeping your site secure. It's likewise critical to keep your own PC software up-to-date, as the ISC says visitors to infected sites can be hit via a known flaw in old Real Player software.
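The email above tells webmasters to search their site's HTML for the injected domain. The following script is an added example (not from the original post or the quoted article) of how a site owner could automate that check offline: it parses HTML with Python's standard library, collects every iframe/script/link/object/embed target, and flags those whose host is, or is a subdomain of, the indicator domain named in the thread. Because these mass SQL injection campaigns wrote the tag into database text columns rather than into files, a second helper applies the same check to exported rows. The sample page and rows are constructed for the example; `find_injected_refs`, `scan_records` and `SUSPECT_DOMAINS` are names chosen here, not from any tool the page mentions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator from the thread: the domain the injected iframes/scripts point to.
# Extend this set with any other domains your own investigation turns up.
SUSPECT_DOMAINS = {"winzipices.cn"}


class _RefCollector(HTMLParser):
    """Collects the remote targets of tags that can pull in third-party content."""

    WATCHED = {"iframe": "src", "script": "src", "link": "href",
               "object": "data", "embed": "src"}

    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, line number in the document)

    def handle_starttag(self, tag, attrs):
        attr_name = self.WATCHED.get(tag)
        if not attr_name:
            return
        for name, value in attrs:
            if name == attr_name and value:
                self.refs.append((tag, value, self.getpos()[0]))


def _host(url):
    """Return the lower-cased hostname of a URL; '' for relative references."""
    parsed = urlparse(url if "//" in url else "//" + url)
    return (parsed.hostname or "").lower()


def find_injected_refs(html, suspect_domains=SUSPECT_DOMAINS):
    """Return [{'tag', 'url', 'line'}] for every reference to a suspect domain.

    Matching is done on the parsed hostname so that unquoted attributes
    (the form these injections usually took) and subdomains are both caught.
    """
    parser = _RefCollector()
    parser.feed(html)
    hits = []
    for tag, url, line in parser.refs:
        host = _host(url)
        if any(host == d or host.endswith("." + d) for d in suspect_domains):
            hits.append({"tag": tag, "url": url, "line": line})
    return hits


def scan_records(records, suspect_domains=SUSPECT_DOMAINS):
    """Scan database rows (dicts of column -> value) for injected tags.

    Returns a list of (row index, column name) pairs that need cleaning.
    """
    findings = []
    for idx, row in enumerate(records):
        for column, value in row.items():
            if isinstance(value, str) and find_injected_refs(value, suspect_domains):
                findings.append((idx, column))
    return findings


# Constructed sample page: one legitimate script, two injected tags, one benign iframe.
SAMPLE_PAGE = """<html><head><title>Products</title>
<script src="/js/site.js"></script>
</head><body>
<p>Welcome to our store.</p>
<script src=http://winzipices.cn/1.js></script>
<iframe src="http://www.winzipices.cn/x.htm" width="0" height="0"></iframe>
<iframe src="https://maps.example.com/embed"></iframe>
</body></html>"""

# Constructed sample rows, as if exported from a product table.
SAMPLE_ROWS = [
    {"id": 1, "title": "Blue ring",
     "description": "Nice<script src=http://winzipices.cn/1.js></script>"},
    {"id": 2, "title": "Clean item", "description": "Nothing unusual here."},
]

if __name__ == "__main__":
    for hit in find_injected_refs(SAMPLE_PAGE):
        print(f"line {hit['line']}: <{hit['tag']}> -> {hit['url']}")
    print("rows needing cleanup:", scan_records(SAMPLE_ROWS))
```

Run it against a directory of saved pages or a dump of your content tables; a hit on the database side means the injection is stored, so cleaning the files alone will not help, and the input-handling bug that let the attacker write to those columns still has to be fixed.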
 
Different attack and a slightly different method than that one is the word I'm getting.
This is round 2.
 
btt
 