Password-stealing hackers infect thousands of Web pages
Hackers looking to grab game passwords
IDG News Service - Hackers looking to steal passwords used in popular online games have infected more than 10,000 Web pages in recent days.
The Web attack, which appears to be a coordinated effort run out of servers in China, was first noticed by McAfee Inc. researchers on Wednesday morning. Within hours, the security company had tracked more than 10,000 Web pages infected on hundreds of Web sites.
McAfee isn't sure how so many sites have been hacked, but "given how quickly some of these attacks have come on, it does seem like some automation has gone on," said Craig Schmugar, a researcher at McAfee's Avert Labs unit. In the past, attackers have used search engines to scour the Internet for vulnerable Web sites and then written automated tools to flood them with attacks, which ultimately let criminals use legitimate sites to serve up their malicious code.
The attack code takes advantage of bugs that have already been patched, so users whose software is up to date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.
If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including The Lord of the Rings Online.
These online game passwords are a popular hacker target, in part because many online gaming resources can be stolen and then sold for cash.
Widespread Web attacks such as this are becoming more common too.
In January, security vendor Finjan Inc. reported a widespread hacking effort that infected 10,000 Web sites with malicious code that attacked visitors and then installed data-collecting software on their machines.
This type of attack is attractive to criminals, in part because it can be hard to thwart. "It's more subtle than spamming a malicious executable file to billions of e-mail addresses," Schmugar said. "You allow the people to go to the sites that they normally go to and pull off a low-scale attack that flies under the radar."
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!