A security hole has recently been discovered in Macromedia Shockwave Flash allowing attackers to compromise machines that haven't applied the relevant patches. A large number of sites(even local co.za sites) have been compromised, and are still hosting the malicious content, this is affecting end users.
Please download the patch or the updated package and install from here:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
It is critical that you apply this patch as soon as possible to avoid your machine being compromised.
More about this can be read on:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080527
In other news, it seems like www.sabc.co.za and www.reportstar.net were hit by instances of injection(No links added for obvious reasons). This was confirmed by several clients emailing us about it. The websites should still be visible on Google for confirmation.
The source code of www.sabc.co.za and www.reportstar.net both included:
http://www.dota11.cn/m.js - as of morning of 2nd June 2008.
You can read up more about it at:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3409559&SiteID=1
No comments:
Post a Comment