Skip Links

Network World

  • Social Web 
  • Email 
  • Close

iFrame attacks and Facebook spam

Hackers expand massive IFRAME attack to prime sites Patches from VMWare, CA, Ubuntu, others With Vista breached, Linux unbeaten in hacking contest, and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 03/31/2008
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Today's malware news:

Hackers expand massive IFRAME attack to prime sites
The massive attacks against hundreds of thousands of Web pages that started earlier this month has spread to some of the Internet's most prominent sites, including those for USA Today, ABC News, Target and Wal-Mart, researchers said Friday. Computerworld, 03/29/08.

Backup and Disaster Recovery : Download this special report

Also: Major Web sites hit with growing Web attack

Spam 2.0 Moves to Facebook
Fortinet Global Security Research Team warns about hijacked Facebook accounts posting deceptive messages on Wall. Fortinet, 03/28/08.

Related Content

Also: Worm Blog: Facebook Worm?

IRS warns of new online tax scams; protect yourself
Scam artists exploiting tax season have devised a range of new online cons: fake tax documents that contain malicious surprises; mass distribution of keyloggers aimed at snatching the identity of PC-based tax filers; and e-mail messages containing links to Web sites that promise new tax code information but instead push malware onto your PC. PC World, 03/29/08.
**********

Today's bug patches and security alerts:

VMWare releases patch for ESX
A flaw in the libxml2 that could be exploited in a denial-of-service attack against VMWare's ESX server has been patched. VMware ESX 2.5.5 before Upgrade Patch 6 or VMware ESX 2.5.4 before Upgrade Patch 17 are vulnerable and should download the latest update.
**********

CA patches multiple products
According to an advisory, "CA products that implement the DSM ListCtrl ActiveX control are vulnerable to a buffer overflow condition that can allow a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the user running the web browser."
**********

Four new patches from Ubuntu:

Ruby (multiple flaws)

SDL_image (multiple flaws)

libnet-dns-perl (denial of service)

Dovecot (authenticaion bypass)
**********

Five new fixes from Debian:

iceape (multiple flaws)

exiftags (multiple flaws)

xulrunner (multiple flaws)

policyd-weight (non-secure temp files)

firebird2 (multiple flaws)
**********

Four new updates from Mandriva:

Firefox (multiple flaws)

sarg (multiple flaws)

openssh (session hijack)

perl-Tk (denial of service)
**********

From the interesting reading department:

Audit Your Web Server Lately?
Web servers being hacked is nothing new and Web administrators continue to maintain their servers in the attempt to prevent this from happening. Well, it might a good time for everyone to audit their servers again because we have confirmed yet again another campaign of IFRAME injection attacks today. Symantec Security Response blog, 03/28/08.

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed