Virus Information News


TSA Worker Gets 2 Years for Planting Logic Bomb in Screening System
by Kim Zetter
January 12, 2011

A former TSA worker convicted of planting a logic bomb on a system used to screen airline passengers was sentenced to two years in prison and ordered to pay about $60,000 in restitution to the TSA.

Douglas Duchak, 46, had worked as a data analyst at the TSA's Colorado Springs Operations Center, or CSOC, since 2004. He planted the malware in late 2009, after the agency gave him two weeks' notice that he was being terminated from the job he'd held for five years.

U.S. Declares iPhone Jailbreaking Legal, Over Apple's Objections
July 26, 2010

Federal regulators lifted a cloud of uncertainty when they announced it was lawful to hack or jailbreak an iPhone.

TJX Fires Employee for Disclosing Security Problems
Wired Blog Network
by Kim Zetter
May 27, 2008

A TJX employee was fired last Wednesday after posting messages to an online forum disclosing that TJX has not improved security since it suffered a massive data breach in which the credit card information of 94 million customers was stolen.

The employee, Nick Benson, who worked at a TJ Maxx outlet in Lawrence, Kansas (which is owned by TJX), wrote that earlier this month the manager at his store changed the log-in protocol so that employees were able to log onto company servers using blank passwords.

FIFA World Cup Spurs Targeted Spam
WHIR Web Hosting Industry News
June 17, 2010

According to Symantec, Brazil's early World Cup lead may also be giving it the unfortunate distinction of being the focus of targeted attacks.

Symantec intercepted a run of 45 targeted malware emails on June 2 en route to a number of Brazilian companies. The emails attempt to draw in World Cup fans by spoofing a well-known sportswear manufacturer sponsoring the FIFA World Cup. Symantec noted that the most interesting aspect of the attack is that it uses two attack modes, a PDF attachment and a malicious link, meaning that even if the malicious PDF attachment is removed by an anti-virus gateway, the malicious link remains in the body of the email and may still be delivered to the recipient.

Symantec to Acquire PGP and GuardianEdge for $370M
WHIR Web Hosting Industry News
April 30, 2010

Security firm Symantec announced on Thursday it will acquire two data encryption companies for $370 million. Symantec will pay $300 million in cash for PGP and $70 million in cash for GuardianEdge.

The agreements for the companies -- which both provide technology for standards-based encryption of full-disks, removable media, files, folders and smartphones -- are expected to close this quarter. Once the acquisitions are completed, Symantec will combine the technology with its own to offer data encryption across different mobile devices associated to corporate networks. The security firm will use technology from both companies and standardize it on the PGP encryption-key management platform, delivering centralized policy and key management abilities. Symantec will then integrate the PGP platform into its Protection Center, which provides a range of services including threat, security and operational dashboards and reporting. This will help Protection Center better manage endpoint security, prevent data loss and secure gateways, says the company.

Apache Project Servers Infiltrated Via XSS Bug, Passwords Compromised
WHIR Web Hosting Industry News
April 14, 2010

Hackers gained access to a server used by the Apache Software Foundation to keep track of software bugs in an attack that exploited a cross-site scripting bug.

According to an incident report from, hackers using a compromised Slicehost server opened a new issue, containing a URL that redirected back to the Apache instance of JIRA, at a special URL containing a cross site scripting attack crafted to steal the session cookie from the user logged in to JIRA. Several administrators clicked on the link, compromising their sessions. Meanwhile, the attackers started a brute force attack against the JIRA login.jsp running through hundreds of thousands of password combinations. A day later, one of these attempts was successful, giving the hacker administrator privileges on a JIRA account. They used this account to disable notifications for a project, and to change the path used to upload attachments. They created several new issues and uploaded attachments to them -- including JSP files that gave them backdoor access to the system, and a JSP file that was used to browse and copy the file system, creating copies of many users' home directories and various files.

On the morning of April 9, the attackers had installed a JAR file that would collect and save all passwords upon login. The attacker then sent password reset mails from JIRA to members of the Apache Infrastructure team, who, thinking that JIRA had encountered an innocent bug, logged in using the temporary password sent in the mail, then changed the passwords on their accounts back to their usual passwords. Because one of the recovered passwords had been the same as a local user account on, which the attacker used to gain full root access to the machine that hosted the Apache installs of JIRA, Confluence, and Bugzilla. With root access to the attackers found several users that had cached subversion authentication credentials, using them to log into the main shell server,

Hundreds of WordPress Blogs and Sites Recover From Attack
WHIR Web Hosting Industry News
April 12, 2010

As users prepare for version three of the popular open-source blogging platform WordPress, many of those using WordPress had their site or blog hacked, redirecting visitors to a page that attempts to install malicious software.

According to a Friday report from security expert Brian Krebs, after surveying multiple postings on WordPress forums and blogs, the attack appears not to modify or create files, but instead inject the web address "" directly into the target site's database, redirecting visitors to Also, due to this attack method, site owners were locked out of the WordPress interface for their blogs. If the forum posts were any indication, nearly every WordPress user affected reported Network Solutions as their current hosting provider, although the company claims not only Network Solutions customers were affected.

Shashi Bellamkonda, Network Solutions' head of social media, noted in a Sunday blog entry that the WordPress issue has been fixed. Though he doesn't identify the root cause of the issue, he writes that it has been addressed, and most sites have been fixed. "In solving the problem, we have had to change database passwords for WordPress. Normally, this does not impact functioning of the blog, but in some cases if you have custom code with manually-embedded database passwords (in files other than wp-config), this will require changes." It remains unclear whether the point of compromise is a WordPress vulnerability, a malicious WordPress plugin, or if it has to do with a common service provider. As a precaution, Network Solutions is urging customers using WordPress to log into their account and change their administrative passwords, and delete all administrative access accounts they do not recognize.

US Wins Dirtiest Web Hosting Country Title: Sophos Report
WHIR Web Hosting Industry News
by David Hamilton
February 3, 2010

According to Sophos' Security Threat Report, more than a third of the world's infected sites are hosted in the US, placing it ahead of Russia's 12.8 percent share and China's 11.2 percent.

Sophos warns US hosts to clean up their act by taking better care to weed out malicious websites in their care. Also, webmasters should ensure that their sites are securely coded and properly patched against hackers who try to inject malicious software into their pages.

CIA, PayPal Among Organizations Hit by SSL Assault
WHIR Web Hosting Industry News
by David Hamilton
February 1, 2010

According to multiple reports by online researchers, including Internet watchdog group Shadow Server and SecureWorks malware research director Joe Stewart, these sites experienced an unexpected rise in traffic by several million hits spread out across sev

"This might be a big deal if you're used to only getting a few hundred or thousands of hits a day or you don't have unlimited bandwidth," Shadow Server notes in a blog post. Shadow Server went on to suggest that the Pushdo botnet, which recently underwent changes to its core code, was likely the perpetrator, causing infected nodes to create junk SSL connections to approximately 315 different websites. This attack, Shadow Server notes, is not the typical distributed denial of service operation, and it seems that knocking sites offline wasn't the end goal. "The bots seem to start to initiate an SSL connection and a bit of junk to the websites and then disconnect," they stated. "They do not actually request any resources from the website or do anything else other than repeat the cycle periodically. They are doing this to hundreds of sites all day long. We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn't quite look like a DDoS either." Given the nature of the attack, it remains unclear why Pushdo unleashed the torrent.

Leaders Call for Review After 49 House Websites Defaced
WHIR Web Hosting Industry News
by David Hamilton
January 29, 2010

Following the president's State of the Union address, a hacker infiltrated 49 House of Representatives websites of both political stripes to post an obscene message insulting President Barack Obama.

House chief administrative officer spokesman Jeff Ventura told the press that while most House websites are managed totally by House technicians, individual offices are permitted to contract with a third party to manage new features and updates. The sites that succumbed to the online attack were managed by GovTrends, a private vendor based in Alexandria, Virginia. Ventura told the AP that, while performing an update, GovTrends left itself vulnerable, letting the hacker penetrate individual member sites and committees overnight. This let the attacker leave a message insulting the president, who spoke at the House Wednesday night. The message read that it was "from Brasil," however, the true origins of the attack are unclear, as well as any specific political motivations.



Shawn K. Hall © 2003-2023 Powered by 12 Point Design