Its rather depressing how many new issues come to light. Microsoft for example issued 22% more security bulletins this year than last year. Its estimated that there are almost 15 percent of enterprise users who still have Windows XP in their networks.
Trustwave’s SpiderLabs researchers found a piece of malware that collects data entered into Web-based forms, pretending to be a module for Microsoft’s Internet Information Services (IIS) Web-hosting software.
The malware, which is dubbed “ISN,” hasn’t been widely seen. It is a malicious DLL (dynamic link library), which is installed as a module for IIS. ISN’s installer contains four versions of the DLL, one of which is served up depending on whether a victim uses the 32- or 64-bit version of IIS6 or IIS7+. Its currently undetectable by most anti virus software.
ISN collects data from POST requests, stolen from within IIS itself, which circumvents encryption, and is then sent elsewhere. The malicious module can be configured to monitor information from specific URIs (uniform resource identifier). The malware has so far been seen targeting credit card data on e-commerce sites, however, it could also be used to steal logins, or any other sensitive information sent to a compromised IIS instance.
Trustwave’s SpiderLabs also infiltrated a control server for the massive Pony botnet that was dumping credentials that it had harvested from compromised computers around the world. massive hack has served up the user names and passwords of nearly 2 million Facebook, Twitter, Google and Yahoo accounts, among others. The breached database also let loose credentials for 1.58 million Web site log ins, 320,000 e-mail accounts, 41,000 FTP accounts, 3,000 remote Relevant Products / Services desktops, and 3,000 shell accounts.
We recommend regular passwords updates and before you make the changes always check for malware.
