"Nine-Ball" Attack Has Compromised 40,000 Sites
Monday, June 22, 2009 at 3:40PM
Keith Erwood in 9 ball, Computer Security, Malware, nine, nine ball, system security

According to SC Magazine:

The attack is called “Nine-Ball” because of the name of the final, malicious landing page, which is loaded with drive-by exploits, that unsuspecting users automatically are redirected to if they visit one of the compromised sites.

Ninetoraq.in, the exploit site, contains malicious code that looks for already patched vulnerabilities in Acrobat Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy, which it then attempts to exploit, Stephan Chenette, manager of security research at Websense, told SCMagazineUS.com on Wednesday.

The flaws have all been patched; some date back to 2006, Chenette said. But, the Reader and QuickTime vulnerabilities are newer, making it less likely that users are patched for them. If the maliciouscode finds an unpatched vulnerability to exploit, it either drops a malicious PDF file or a trojan designed to steal user information, Chanette said.

All of the exploits currently have low detection rates, he added.

For Full Story:

"Nine-Ball" mass injection attack compromised 40,000 sites

 

 

Article originally appeared on Disaster Preparedness Blog - Emergency Preparedness Tips, Business Continuity and Disaster Recovery Emergency Management (http://disasterpreparednessblog.com/).
See website for complete article licensing information.