|
sub4hire -> Google searchers could end up with a new type of bug (4/2/2008 10:45:07 AM)
|
Cybercrooks are manipulating the computer code used to put the pizazz in millions of websites in hopes of taking over unsuspecting consumers' PCs. The vulnerability occurs when someone does a Google search, then clicks on a result that has been secretly tainted by hackers. They will usually be taken to the Web page they expect. But at the same time, they are invisibly redirected to a computer server that installs a hidden program. This program enables hackers to use the PC to spread spam and carry out scams. Typically, it also lets the attacker embed a keystroke logger, which collects and transmits your passwords and any other sensitive data you type online. Any website indexed by Google (GOOG) that fails to carefully handle JavaScript — the coding that activates many cool Web features, such as changing the color of a button when someone mouses over it — is a potential target. That's seven in 10 sites, says tech security firm WhiteHat Security. Hackers have discovered ways to trick the website application to run malicious JavaScripts. "We're in a phase where one or two smart guys are attacking a few dozen major websites," says David Dewey, manager of IBM's X-Force security division. "In the next few weeks I would expect to see copycats attacking hundreds of high-profile websites."http://yahoo.usatoday.com/tech/news/computersecurity/2008-03-31-javascript-hackers_N.htm?csp=1
|
|
|
|
