There is a new computer exploit in the wild, one that allows hackers and criminal elements to inject code of their choosing into popular internet websites. Once this code has been injected to the unsuspecting website, and you visit it, your computer will become infected with additional code that allows the hackers to then gain control over your computer. What’s worse, you will probably never know that your computer is infected without the help of a computer security expert. Just by visiting websites on the internet you’re at risk. Once infected, your computer will be used by the hackers to remotely send spam, steal private data, purchase goods on stolen credits and perform other types of online crime. All of this will happen invisible to you, in the background, using your internet connection. When the authorities go to trace back the source of the crimes that have been perpetrated, they will see your IP address and mistake you as the criminal, because the crimes originated from your ISP, even though you had nothing to do with them!

There are basically two problems at work here. First, there is a problem with vulnerable Microsoft IIS web servers, along with Microsoft SQL and Active Server Pages (ASP). The problem is described pretty well over at Dancho Danchev’s blog. This is a SQL injection attack and it works on servers with website code that is poorly written and does not validate input passed via ASP forms to SQL server. There’s a pretty impressive (but partial) list of websites that are infected via this Google Link. Basically, the majority of websites in this list (and many, many more that aren’t listed) will cause your computer to become infected upon browsing to them. I do not recommend you browse to or visit any of the websites listed unless you are using the Firefox browser and have the noscript add-on installed. See my earlier post that links to and describes browsing the internet safely with noscript and Firefox.

Website owners beware. If any pages on your website have a script that looks something like this, you’re infected: “script src=http://www.nihaorr1.com/1.js” If you currently own or manage a website and are concerned about the possibility of your website being infected, contact Leo Polus today. We offer professional website services and can check your server for problems, cleaning up any vulnerabilities if found.

The second problem exists on the computers of individual internet users. It deals with the alarming rate at which Javascript is expanding into every website on the internet. You can hardly use a modern website on the internet without Javascript being enabled, and this presents a real challenge for Noscript. Noscript works when you use it sparingly, turning it on only for the most trusted of sites that you visit. Now, with the exploit taking over legitimate websites, even those sites that you think you can trust and enable scripting for could in fact contain malicious code that will damage your computer. Noscript is no longer a reliable security tool under these circumstances. In fact, noscript could actually be harmful, giving you a false sense of security on websites that you’ve always been able to trust but have since been exploited.

The best defense against this existing threat is the use of Windows Hosts files. I won’t go into the details of using Windows Hosts, there is already a lot of really good information on the internet that can tell you how to configure them. Personally, I’ve added both 127.0.0.1 nihaorr1 .com and haoliuliang.net to Windows Hosts and now I can feel a little bit safer. Exploits that take advantage of scripts on these websites will instead harmlessly bounce back to my local machine. There are plenty of other exploit websites you can find to add to a Windows Hosts file just by searching on Google.

If you are concerned about the security of your computer or your personal data, please contact a computer security professional at Leo Polus immediately to have your computer scanned, cleaned and protected.

This entry was posted By Andre Morris on Monday, April 28th, 2008 at 7:14 pm and is filed under Tech Club General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.