
Security Discussion on Silent Drive-by Malicious Payloads from Hacked servers

Question

DevTech

First of all, there appears to be a segment of the technology community that does not believe in the existence of Silent Drive-by Malicious Payloads from Hacked servers, or else they believe this is not possible with a major server. If you fall into that category, please try to keep this thread read-only.

 

The intended discussion is on how to deal with it, not on whether it exists or not.

 

I am hoping this thread will be a useful repository of information for server operators and for users wishing to protect themselves from this particular attack vector.

 

 

  • I generated a giant load of links while trying to find a particular Google disclosure website - taking a while to organize the info

5 answers to this question

DevTech

Public Non-Silent Hacks

 

The thread is on Silent Hacks. The stuff that makes all the news sites that people read is the flashy defacements with political agendas etc. This makes silent attacks fall into the boring category from a news point of view. Here are some examples of public attacks:

 

DevTech

There was a time when sites like Google and Microsoft provided what the security industry calls Full Disclosure - https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)

 

These days, major sites are a bit more prideful of their reputation and have come up with the non-transparent concept they call Transparency which mainly pokes a stick at the government but to the credit of Google and Microsoft also includes some Malware issues.

 

Google:

 

https://www.google.com/transparencyreport/?hl=en

 

Microsoft:

 

https://www.microsoft.com/about/csr/transparencyhub/

 

Twitter:

 

https://transparency.twitter.com/

 

 

DevTech

Misc Hacked Website Info:

 

DevTech

Misc Malware Notes:

 

  • GozNym combines Nymaim and Gozi Trojans to hit 24 U.S. and Canadian banks "The new computer Trojan targets 22 websites that belong to banks, credit unions and e-commerce platforms based in the U.S., and two that belong to financial institutions from Canada. Business banking services appear to be a top target for GozNym's creators, according to the IBM researchers. Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. This malware is as stealthy and persistent as the Nymaim loader while possessing the Gozi ISFB Trojan’s ability to manipulate Web sessions, resulting in advanced online banking fraud attacks, the IBM X-Force researchers said"

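The GozNym note above describes the delivery side of this attack vector: a dropper served by "Web-based exploits launched from compromised websites". For the "how to deal with it" part the thread asks for, the following is an added example (not code from the thread or from the IBM researchers) of the check a site operator or crawler can run against fetched HTML to spot the usual marks of a silent injection: an invisible iframe, a script pulled from a host the site does not own, or an inline script that is obfuscated with unescape/eval/hex runs. The allow-list of hosts and the sample page are constructed for the example; a real deployment would load the allow-list from the site's own asset inventory.

```python
"""Scan fetched HTML for the common markers of a drive-by injection.

Added example, not from the thread. The allow-list and the sample page
below are constructed; the heuristics are deliberately simple so that
each finding is explainable to the operator who has to clean the server.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: hosts this site legitimately loads iframes/scripts from.
ALLOWED_HOSTS = {"example.com", "cdn.example.com"}

# Typical obfuscation primitives used by injected loaders.
OBFUSCATION_RE = re.compile(
    r"eval\s*\(|unescape\s*\(|String\.fromCharCode|document\.write\s*\(", re.I)
# Long runs of %XX or \xXX encoded bytes (20+ in a row).
HEX_RUN_RE = re.compile(r"(%[0-9a-f]{2}){20,}|(\\x[0-9a-f]{2}){20,}", re.I)


def _host_allowed(src: str, page_host: str) -> bool:
    """Relative URLs and allow-listed hosts are fine; anything else is foreign."""
    host = urlparse(src).hostname
    if host is None:
        return True
    return host == page_host or host in ALLOWED_HOSTS


def _is_hidden(style: str, width: str, height: str) -> bool:
    """True for iframes sized away or pushed off-screen (1x1, display:none, left:-9999px)."""
    s = style.replace(" ", "").lower()
    if "display:none" in s or "visibility:hidden" in s:
        return True
    if re.search(r"(left|top):-\d{3,}px", s) or re.search(r"(width|height):[01]px", s):
        return True
    return any(d.strip().rstrip("px") in ("0", "1") for d in (width, height))


class DriveByScanner(HTMLParser):
    """Collects (kind, evidence) findings while walking the document."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            if _is_hidden(a.get("style", ""), a.get("width", ""), a.get("height", "")):
                self.findings.append(("hidden_iframe", src))
            elif not _host_allowed(src, self.page_host):
                self.findings.append(("foreign_iframe", src))
        elif tag == "script":
            self._in_script = True
            src = a.get("src", "")
            if src and not _host_allowed(src, self.page_host):
                self.findings.append(("foreign_script", src))

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            body = "".join(self._script_buf)
            self._script_buf = []
            if OBFUSCATION_RE.search(body) or HEX_RUN_RE.search(body):
                self.findings.append(("obfuscated_script", body[:60]))


def scan_html(html: str, page_host: str = "example.com"):
    """Return the list of (kind, evidence) findings for one page."""
    scanner = DriveByScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a clean page with one injected 1x1 iframe and one
# obfuscated loader appended before </body>, the shape a hacked server serves.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/jquery.js"></script>
</head><body>
<p>Welcome</p>
<iframe src="http://198.51.100.23/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F'));</script>
</body></html>"""

if __name__ == "__main__":
    for kind, evidence in scan_html(SAMPLE_HTML):
        print(f"{kind}: {evidence}")
```

Run it over pages fetched with a browser-like User-Agent and from an address that is not your own server, since injected loaders commonly serve the payload only to visitors and not to the operator's IP or to known scanners.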