AVG Blogs

AVG Web Threat Weekly Update - Week 43
Posted 568 days ago by TomK
 


 1. New malicious JavaScript showing up on previously compromised sites

 

Last week we noticed the following JavaScript injections showing up on sites that had been previously compromised:

 

<script src=hxxp://domboware.hu/js>

<script src=hxxp://infocenc.com.br/js/>

 

Users visiting a site that had been injected were redirected to exploit kits that can install a wide variety of exploit code on their machines to compromise security, send spam and steal data.

Web site administrators who find similar script injections should check all Web pages for any content they are not familiar with.

They also should perform a full and thorough security audit of the site and the server or servers hosting it to ascertain how the illicit code injections happened.  It will be necessary to fix all the issues that such an audit uncovers to keep the site from being compromised again in the future.
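One way to run the page check described above, as an added example that is not AVG's tooling: it flags every script tag whose source host is not on an allowlist, including unquoted `src` values like the two shown earlier. The allowlist hosts, file extensions and sample page are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: hosts this site legitimately loads scripts from; edit for your site.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

# Matches <script ... src=VALUE> with a quoted or unquoted value. A regex (not
# an HTML parser) still finds a tag that follows an unclosed <script>.
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE)

def unexpected_scripts(html, allowed=ALLOWED_HOSTS):
    """Return (line, src, host) for each script loaded from a host not in `allowed`."""
    findings = []
    for m in SCRIPT_SRC.finditer(html):
        src = next(g for g in m.groups() if g is not None).strip()
        # Reports often defang URLs as hxxp://; treat that as http:// when parsing.
        url = re.sub(r"^hxxp", "http", src, flags=re.IGNORECASE)
        host = urlsplit(url).hostname  # None for relative, same-site paths
        if host and host not in allowed:
            line = html.count("\n", 0, m.start()) + 1
            findings.append((line, src, host))
    return findings

def scan_tree(root, allowed=ALLOWED_HOSTS):
    """Scan page files under `root`; return {path: findings} for flagged files."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".html", ".htm", ".php", ".js"}:
            found = unexpected_scripts(path.read_text(errors="replace"), allowed)
            if found:
                results[str(path)] = found
    return results

# Constructed sample page: a local script, an allowed CDN script, and the two
# injected tags quoted in the post (kept defanged).
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
</head><body><p>Welcome</p>
<script src=hxxp://domboware.hu/js>
<script src=hxxp://infocenc.com.br/js/>
</body></html>"""

if __name__ == "__main__":
    for line, src, host in unexpected_scripts(SAMPLE):
        print(f"line {line}: script from unexpected host {host}: {src}")
```

Run `scan_tree` against a copy of the web root and compare each hit with what the site is supposed to load; a clean result here does not replace the server audit, since it only covers script tags in files on disk.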

 

Numerous domboware.hu script injections are visible with a search engine

 

 

 

Many infocenc.com injections are visible via search engines as well:

 

 

 

infocenc.com injection is visible in page source code:

 

 

 

After a couple of redirects, the Java exploits load:


2. Who can you really trust with your cell phone number?

 

There was a day when you robbed someone by sneaking up on him, hitting him over the head with a stick and taking his food/wife/cattle. Then we got the Internet.

 

Well, OK, there were a lot of scams invented in between, but the point is there are a lot of techniques for stealing from people that don’t involve a big stick. Getting their cell phone number and billing them through their account for semi- or totally useless services is one.

 

The point here, in case you need to have it pointed out: don’t fill out forms on web pages that ask for your cell phone number unless you REALLY know you’re on a legitimate site.

 

Case in point:

 

An ad for something fun appears on your Facebook wall.

 

 

 

Oh, a quiz. They’re fun:

 

 

“Sign up to get your results” (cell phone number required.)

READ the fine print: “You will be shown 3rd party ads. Some ads have SMS subscriptions that cost up to $9.99/month.”

 

Illegal? No, not on the face of it, assuming you trust a totally strange web site to do what it says. But you’re taking a chance circulating your cell phone number. Why do these folks need your cell phone number if they’re just going to pass your name along to advertisers?

 

SMS ads from third parties might just be the stick over the head of the Internet age.

 

3. Lurid Facebook ClipJacking scam

 

We saw 100,000 detections of this one over the weekend:


 

 

It’s called “ClipJacking,” which is basically spamming a message through Facebook users’ walls.

 

4. Drive-by downloads this week: German ransomware, System Security 2011 and System Restore rogues

 

German language ransomware

 

This ransomware scam takes your machine hostage and demands 100 Euros to give you access to it again.

 

It claims to be an action by the German police taken because your computer is loaded with violent child porn (Kinderpornographie), bestiality (Sodomie) and terrorism-related emails. After you pay the 100 Euros, it says you will be given a password to give access to your machine.

 

 

 

 

System Security 2011 rogue

 

This rogue security product looks like a clone of last week’s AV Protection Online. Rogues are fake security applications that present Internet users with dire warnings of (phony) problems to lure them into purchasing security products that do nothing.

 

System Security 2011 features a professional looking graphic interface:

 

 

And a pop-up window warning the potential victim of a large number of infections:

 

 

The System Security 2011 payment screen offers a fake product for “only” $52.95.

 

 

System Restore rogue

 

 

If you think about the error message that the System Restore rogue security product presents, it doesn’t make much sense. After it tells you that “Windows OS can’t detect a free hard drive space” and “Disk drive C:\ is unreadable,” which it “failed to fix,” it tells you of about a dozen other “errors” that would be ON the drive. So, how does it know there are disk errors if it can’t read the drive?

 

 

And, of course, the payment screen offers the fake product for $74.95 ($84.50 for the “professional” edition).

 

 

– AVG Threat Research Group



 
  • Anonymous

    I went to www. deliciousrevolution.com where I encountered a problem, saved by AVG.

  • Anonymous

    This system security got my computer this weekend. I had to restore to a previous date but it is still on my computer. I used AVG and Microsoft essentials to try to get it off and all the other bad malware attacks but with no luck. I was told to download malware bytes and it will take everything off that is not a system folder and save my computer. It took off 100 things but I have hundreds more. Should I get this other program as well?

    I would appreciate some input.