Archive for the ‘Hacking and Security’ category

qq829.com: Malicious Scripts or Spam from China?

April 18th, 2010

Website managers from all over the world are reporting some weird referrers from qq829.com to their sites. If you follow your site stats on a daily basis, you might have come across some peculiar and unexplained traffic from China, from a link that looks like this:

http://qq829.com/web_stat.asp?dn=domainname.com

The domain itself, qq829.com, is Chinese and linked to http://new.cnzz.com – a known spammy domain. It’s hard to make sense of the site itself. Some information about the site can be found here.

At the moment, there are no certain answers as to what this link is, or whether it's malicious, a splog or plain spam. Currently, the most helpful source of information about it is a discussion in Google Analytics Help.

You can also follow updates on the matter with a Google search, focused on the latest results.

The links are suspicious and a bit worrisome, because no one knows for sure whether it's a script attack, simple spam or a meaningless mistake on the Chinese side (unlikely). If you own a website, make sure your files haven't been tampered with (I've checked mine and they seem untouched) and that you have a strong FTP password and/or a strong admin password (if you have a CMS).

The best solution I have located thus far is to block the Chinese IPs through the .htaccess file. The IPs change with every hit, but you can also block whole batches of IP addresses from China if you don’t fear losing Chinese traffic.

If you wish to block traffic that arrives with cnzz.com or qq829.com as the referrer, AurelloSoft suggests inserting these lines in your .htaccess file (the patterns match the referrer's host name, so they also catch subdomains such as new.cnzz.com):

# Flag any request whose Referer header points at either spam domain or a subdomain of it
SetEnvIfNoCase Referer "^https?://([^/]+\.)?qq829\.com" TOBLOCK=1
SetEnvIfNoCase Referer "^https?://([^/]+\.)?cnzz\.com" TOBLOCK=1

# Deny every file to flagged requests; everyone else is still allowed
<FilesMatch ".*">
Order Allow,Deny
Allow from all
Deny from env=TOBLOCK
</FilesMatch>
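Blocking is one side; the other is confirming in your own logs where the hits come from. The following is an added example, not code from the post or from AurelloSoft: it parses Apache combined-format log lines (constructed below, with documentation-range IPs) and reports requests whose Referer host is qq829.com or cnzz.com, matching on the host rather than the whole URL so that a page merely mentioning the domain in a query string is not flagged.

```python
"""Scan Apache combined-format access log lines for the referrer spam above.

Added example, not code from the post or from AurelloSoft. The log lines are
constructed; the two referrer domains are the ones named in the post."""
import re
from collections import Counter
from urllib.parse import urlsplit

SPAM_REFERER_DOMAINS = ("qq829.com", "cnzz.com")

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def referer_domain(referer):
    """Lowercased hostname of the Referer URL, or '' for '-', empty or unparsable values."""
    if referer in ("", "-"):
        return ""
    return (urlsplit(referer).hostname or "").lower()

def is_spam_referer(referer):
    """True when the Referer host is a spam domain or a subdomain of one.
    Matching on the host (not the whole URL) avoids flagging URLs that merely
    mention the domain in a query string."""
    host = referer_domain(referer)
    return any(host == d or host.endswith("." + d) for d in SPAM_REFERER_DOMAINS)

def scan_log(lines):
    """Return (hits, ips): spam-referrer hits and a Counter of their source IPs."""
    hits, ips = [], Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and is_spam_referer(m["referer"]):
            hits.append((m["ip"], m["request"], m["referer"]))
            ips[m["ip"]] += 1
    return hits, ips

# Constructed sample lines; the IPs are from documentation ranges, not real sources
SAMPLE_LOG = """\
203.0.113.5 - - [18/Apr/2010:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "http://qq829.com/web_stat.asp?dn=example.com" "Mozilla/4.0"
198.51.100.7 - - [18/Apr/2010:10:01:03 +0000] "GET /about HTTP/1.1" 200 2048 "http://www.google.com/search?q=example" "Mozilla/5.0"
203.0.113.5 - - [18/Apr/2010:10:02:09 +0000] "GET /blog/ HTTP/1.1" 200 4096 "http://new.cnzz.com/" "Mozilla/4.0"
192.0.2.9 - - [18/Apr/2010:10:03:00 +0000] "GET /?ref=qq829.com HTTP/1.1" 200 100 "-" "curl/7.19"
""".splitlines()

if __name__ == "__main__":
    hits, ips = scan_log(SAMPLE_LOG)
    print(len(hits), "spam-referrer hits; per source IP:", dict(ips))
```

Run it against your real access log (`scan_log(open("access_log"))`) to see which source addresses carry the referrer, which is the list you would feed into the IP-based blocking described in the post.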

Update #1: There's now a claim that qq829.com provides spammers with pre-written blogs. This reinforces the assumption that the links are spam, but there hasn't been any serious analysis of the site or the code.

Update #2: Thus far the best solution is blocking Chinese IP addresses via the .htaccess file. See instructions above.

Hackers Find Google Buzz Exploit

February 18th, 2010

It’s not enough that Google Buzz infringes your privacy, now it’s revealed that it also has at least one medium security flaw.

This security problem in Google Buzz is caused by a programming error known as a cross-site scripting flaw. The hole lets an attacker inject his own script code into web pages that belong to sites such as Google.

This flaw makes it possible for a hacker to "use" your Google Buzz account: he can say things in your name and make you follow people you don't want to. This also opens the door to phishing attacks.

This security problem was discovered by a hacker named TrainReq, best known for posting photos stolen from pop star Miley Cyrus’ e-mail account to the Internet.

Google said they are aware of the flaw and that they will fix it.

Mozilla Cleans Out Two Malicious Add-Ons

February 7th, 2010

Add-ons are a great thing – they make your software more useful and much more to your taste.

Firefox has tons of wonderful add-ons that turn the browser into a mean piece of software for web developers, web designers and power internet users.

Apparently, the popularity of add-ons has also made them a target for malware creators. Two add-ons in the experimental section of addons.mozilla.org were found to contain malware: Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer. Mozilla has since increased the number of scanning tools, and will be taking additional steps to minimize the risk of further incidents.

This vulnerability is known to affect Firefox on Windows only, and only if either Master Filer or Version 4.0 of Sothink Web Video Downloader is installed. Versions of Sothink Web Video Downloader greater than 4.0 are not infected.

Simply removing the add-ons won't clear the trojans, so you need to scan your computer with an anti-virus program.

Be careful out there…

Yet Another IE Security Problem

February 4th, 2010

It’s not new – we already know it. Internet Explorer is a flawed browser, with many security holes – and it just ripped itself a new one.

Microsoft has issued Security Advisory (980088), which basically says that Internet Explorer, for those who use Windows XP or who have disabled Internet Explorer Protected Mode, allows access to files with an already known filename and location. In other words, hackers can browse your files via IE.

Browser versions affected are: Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. The company hasn’t issued a patch yet.

I have a better tip for you: USE FIREFOX.

ICANN Begins DNSSEC Deployment in Root Zone of DNS

January 31st, 2010

ICANN, the Internet Corporation for Assigned Names and Numbers, has announced the beginning of DNSSEC deployment.

DNSSEC information is now being served by L-Root, one of the Internet's 13 root servers, which is operated by ICANN.

The DNS is very important to the proper operation of almost all services on the net, and the deployment of DNSSEC in the root zone is the biggest structural improvement to the DNS to happen in 20 years. According to ICANN, the deployment of DNSSEC is proceeding with widespread involvement of the Internet’s technical community, and is being carefully staged so that any unintended consequences of the deployment can be identified and mitigated promptly.

The reaction of the root server system as a whole to the change is being closely monitored, with root server operators performing extensive data collection to be analysed centrally. The data collection and analysis is being coordinated by DNS-OARC, the Domain Name System Operations Analysis and Research Center.

Other root server operators will execute similar maintenance procedures in the coming months. Deployment of DNSSEC is proposed to be completed in July 2010.

What is DNSSEC?

The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, data integrity, but not availability or confidentiality, and authenticated denial of existence (source).
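The "authenticated denial of existence" part of that definition is the least intuitive, so here is an added example (not code from the page or from ICANN) of the NSEC chain logic a validating resolver uses: a signed zone publishes, for every name, the next name in canonical order, and a name that falls in a gap between two consecutive NSEC owners is proven not to exist. The zone data is constructed, and the example assumes the RRSIG signatures over the NSEC records have already been verified.

```python
"""Simplified NSEC "authenticated denial of existence" check (RFC 4034/4035).

Added example, not code from the page or from ICANN. The zone is constructed,
and RRSIG verification over each NSEC record is assumed to be done already."""

def canonical_key(name):
    """RFC 4034 s6.1 canonical ordering: labels compared from the root end,
    case-insensitively, as octet strings; an ancestor sorts before its children."""
    stripped = name.rstrip(".").lower()
    labels = stripped.split(".") if stripped else []
    return tuple(label.encode("ascii") for label in reversed(labels))

# Constructed NSEC chain for the zone "example.": (owner, next owner, type bitmap)
NSEC_CHAIN = [
    ("example.", "a.example.", {"SOA", "NS", "DNSKEY", "NSEC", "RRSIG"}),
    ("a.example.", "mail.example.", {"A", "NSEC", "RRSIG"}),
    ("mail.example.", "www.example.", {"MX", "NSEC", "RRSIG"}),
    ("www.example.", "example.", {"A", "AAAA", "NSEC", "RRSIG"}),  # wraps back to the apex
]

def covering_nsec(qname, chain):
    """Return the NSEC whose (owner, next) gap contains qname, or None."""
    q = canonical_key(qname)
    for owner, nxt, types in chain:
        o, n = canonical_key(owner), canonical_key(nxt)
        # second clause: the last record's gap wraps around to the zone apex
        if o < q < n or (n <= o and q > o):
            return (owner, nxt, types)
    return None

def resolve_with_nsec(qname, rtype, chain):
    """What a validating resolver can prove from the signed chain: 'answer'
    (name and type exist), 'nodata' (name exists, type does not), 'nxdomain'
    (a gap proves the name is absent) or 'unproven' (the chain says nothing)."""
    apex = min(canonical_key(owner) for owner, _, _ in chain)
    q = canonical_key(qname)
    if q[:len(apex)] != apex:
        return "unproven"  # outside this zone; its NSEC records cannot cover it
    for owner, _nxt, types in chain:
        if canonical_key(owner) == q:
            return "answer" if rtype in types else "nodata"
    return "nxdomain" if covering_nsec(qname, chain) else "unproven"

if __name__ == "__main__":
    for q, t in [("www.example.", "A"), ("mail.example.", "A"),
                 ("ghost.example.", "A"), ("www.other.", "A")]:
        print(q, t, "->", resolve_with_nsec(q, t, NSEC_CHAIN))
```

A forged "no such name" answer fails this check because the attacker cannot produce a validly signed NSEC record whose gap covers the name, which is exactly what distinguishes authenticated denial from a plain, unsigned NXDOMAIN.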

For more information about the deployment of DNSSEC in the root zone, including details of how to contact the deployment team, click here.