Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Mass Web Infections

Published: 2008-01-14
Last Updated: 2008-01-15 20:46:57 UTC
by Mari Nichols (Version: 2)
0 comment(s)

One of our readers, Peter, asked us to post a Register article for comments.

http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/

It would appear that two different web infections are moving around the Internet.   One is about 15% of ScanSafe's traffic, the other only 1%.  The 15% represents e-commerce websites hosting the infections and passing them on to visitors.

The latter traffic is significantly more interesting as it appears to be intelligent enough to produce a randomly generated file name each time the person visits the site.  It is this fluxing which is causing so much discomfort with Incident Handlers worldwide.

If you have any info regarding these mass infections.  Please let us know here.

Fair Winds,

Mari Nichols

2008/01/15: Thanks to Dan Goodin for bringing to light a small inaccuracy in this diary entry. It has now been fixed.

Keywords:
0 comment(s)
Diary Archives