[pchelpers] News:JavaScript worm from late 2007 happily frolicking in 2008

By Joel Hruska | Published: January 16, 2008 - 07:30AM CT

Back in late December, Ars covered the sudden appearance of a JavaScript
worm variant designed to capitalize on the assassination of Benazir
Bhutto. While the exploit itself had been in the wild for some time, the
speed with which the virus' authors were able to create and launch a new
version aimed at web users searching for information on the former Prime
Minister's assassination was surprising. The malicious script faded from
the radar soon thereafter, but according to security corporation Finjan,
it's still very much alive and kicking. 

According to the company's report today, the bug is proving difficult to
lock down due to its continually-changing attack vector. The malicious
script is dynamically embedded into a web page, and it provides a
randomly-generated filename that can only be accessed once. The script
also stores the IP of a visitor for comparative purposes. If a computer
at the same address accesses the web site again, the malicious
JavaScript code will be gone. The URL that the Javascript pointed to,
and that the infected files were drawn from, will similarly be invalid. 

More here:
http://arstechnica.com/news.ars/post/20080116-javascript-worm-from-late-2007-happily-frolicking-in-2008.html
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: