CA's Web site hacked by malware authors

Part of security software vendor CA's Web site was cracked earlier this week and was redirecting visitors to a malicious Web site hosted in China.

Although the problem now appears to have been corrected, cached versions of some pages in the press section of CA.com show that earlier this week the site had been redirecting visitors to the uc8010.com domain, which has been serving malicious software since late December, according to Marcus Sachs, director of the SANS Internet Storm Center.

The hack is similar to last year's attack on the Dolphin Stadium Web site, which infected visitors looking for information on the Super Bowl football game, Sachs said. "It's exactly the same setup," he said. "It's JavaScript that they've managed to insert into the title or the body of the HTML."

CA itself may not even host the press release section of its site, as that job is often outsourced to a third party, Sachs said. Often a misconfigured application server or a Web or database programming error can give hackers all the opening they need to insert their malicious code.

"When you outsource, you've got to be just as (demanding) about security as you are with your own site," Sachs said.

CA representatives could not be reached immediately for comment.


uc8010 is using a 0-day

uc8010 is using a 0-day real-player vulnerability ...

Evgeny Legerov reported a vulnerability involving Real Player which could allow an attacker to execute code on victim computers. At this moment in time, there is no patch or other workaround for this vulnerability, though I would expect that limiting end-user privileges would limit the potential risk.

Details at Sans

It's simple to download the

It's simple to download the JavaScript from uc8010.com for analysis, and from what I have seen till now, it uses a nice obfuscation technique (though nothing new)... and it's possible to write an IDS signature for this one :)

The code below is from

The code below is from uc8010.com/046.htm ...

eval(
function(p,a,c,k,e,d){
e=function(c){
return(
..snip...

The same function(p,a,c,k,e,d) was used in the Google Orkut XSS worm (Read Symantec Analysis)

Never mind, all of them are

Never mind, all of them are using http://javascriptcompressor.com/ tool to compress their javascript code.

Duh! More work for us ... :-p
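The two comments above (the obfuscated eval(function(p,a,c,k,e,d)...) code on uc8010.com and the observation that it is plain javascriptcompressor.com output) describe the Dean Edwards "packer" format. Below is an added example, not code from the article, from SANS, or from the commenters, showing what an analyst or IDS pre-filter can do with it: match the packer signature and statically re-expand the dictionary without ever handing the script to eval. The sample input is a benign script packed by hand in the same format and is constructed for this example; it is not the uc8010.com payload. Function names (isPacked, unpack, unpackAll) are this example's own.

```javascript
// Static unpacker for the Dean Edwards "p,a,c,k,e,d" packer output, the
// format produced by javascriptcompressor.com. Nothing here is executed:
// the packed call is parsed with a regex and the word dictionary is
// re-expanded, so the real payload can be inspected or signature-matched.

// Signature of the packer call:
//   eval(function(p,a,c,k,e,d){...}('<payload>',<base>,<count>,'<words>'.split('|')
// Capture groups: 1 = payload literal, 2 = base, 3 = word count, 4 = word list.
const PACKER_RE =
  /eval\(function\(p,a,c,k,e,[dr]\)\{[\s\S]*?\}\('((?:[^'\\]|\\[\s\S])*)',\s*(\d+),\s*(\d+),\s*'((?:[^'\\]|\\[\s\S])*)'\.split\('\|'\)/;

// The detection half: a cheap signature check usable as an IDS/proxy pre-filter.
function isPacked(js) {
  return PACKER_RE.test(js);
}

// Inverse of the packer's encoder e(c): digits 0-9, then a-z (10-35), then A-Z (36-61).
function digitValue(ch) {
  if (ch >= '0' && ch <= '9') return ch.charCodeAt(0) - 48;
  if (ch >= 'a' && ch <= 'z') return ch.charCodeAt(0) - 97 + 10;
  if (ch >= 'A' && ch <= 'Z') return ch.charCodeAt(0) - 65 + 36;
  return -1;
}

// Decode a payload token into its base-N dictionary index; -1 if not a valid index.
function decodeToken(token, base) {
  let value = 0;
  for (const ch of token) {
    const d = digitValue(ch);
    if (d < 0 || d >= base) return -1;
    value = value * base + d;
  }
  return value;
}

// Undo the escaping the packer applies inside its single-quoted string literals.
function unescapeLiteral(s) {
  return s.replace(/\\(['\\])/g, '$1');
}

// The analysis half: expand one packer layer. Returns null if the input is not packed.
function unpack(js) {
  const m = PACKER_RE.exec(js);
  if (!m) return null;
  const payload = unescapeLiteral(m[1]);
  const base = parseInt(m[2], 10);
  const count = parseInt(m[3], 10);
  const words = unescapeLiteral(m[4]).split('|');
  // Every \w+ token in the payload is a base-N index into the word list;
  // an empty dictionary slot means "the token stands for itself".
  const unpacked = payload.replace(/\b\w+\b/g, (tok) => {
    const idx = decodeToken(tok, base);
    if (idx < 0 || idx >= count) return tok;
    return words[idx] || tok;
  });
  return { base, count, words, unpacked };
}

// Packers are sometimes nested; peel layers with a bound so a hostile
// input cannot keep us looping.
function unpackAll(js, maxLayers = 5) {
  let current = js;
  for (let i = 0; i < maxLayers && isPacked(current); i++) {
    current = unpack(current).unpacked;
  }
  return current;
}

// Constructed sample (a benign "hello world" script packed by hand in the
// packer's format). NOT the uc8010.com payload.
const SAMPLE_PACKED = String.raw`eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3 0="4";5 1(2){6(0+" "+2)}1("7")',62,8,'greeting|show|name|var|hello|function|alert|world'.split('|'),0,{}))`;

console.log(isPacked(SAMPLE_PACKED) ? unpackAll(SAMPLE_PACKED) : 'not packed');
```

Running the block prints the expanded script (var greeting="hello";function show(name){...}). The signature in PACKER_RE is exactly the kind of IDS rule the comment refers to; in practice it should be paired with the static expansion so that what is logged or blocked is the readable payload, not the packed blob, and the loop bound in unpackAll matters because nested packing is common.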
