The sites effected by the last SQL injection wave haven’t recovered until it’s time for the next attack of SQL injections

Once again it looks like it’s older version of phpbb that got injected by JS_SMALL.QT (discovered by Advanced Threats Research Program Manager Ivan Macalintal). Unfortunately if you’re going to use phpBB you have to make sure you upgrade after they’ve released yet another security fix (which they tend to to often sometimes ).

Visitors to a compromised site got redirected a couple of times to other sites and then will see a popup asking to install an ActiveX Object.

When the ActiveX Object gets installed these trojans also gets installed on the victims computer:

• TROJ_DNSCHANG.CS
• TROJ_ALUREON.AE
• TROJ_ALUREON.AH
• TROJ_ALUREON.AI

According to Trend Micro these trojans are evil:

These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable for even more potential threats.

Read more at Trend Micro.

Popularity: 6% [?]

I just got an email from Google informing me of possible phishing attempts and that I should be “on my watch” for suspicious emails appearing to be from Google. Here’s the email I got (I removed @ from the email addresses):

At Google, we take the safety of our users very seriously, and we work hard to ensure that your accounts are secure. As part of those efforts, we recently compiled some tips on our blog to help protect you from “phishing,” which is an attempt to fraudulently collect passwords, credit card numbers, and other sensitive information: http://googleblog.blogspot.com/2008/04/how-to-avoid-getting-hooked.html

This information is important because any online account can be targeted by phishers, including online advertising accounts.

There are reports of phishing attempts that falsely appear to be from adwords-noreply (a) google.com. These fraudulent emails ask users to update their billing information, take action on a disapproved ad, edit their account, or accept new AdWords terms and conditions. Please remember that Google’s AdWords team will never send an unsolicited message asking for your password or other sensitive information by email or through a link.

If you need to change your account information, such as your billing details or your password, always sign in to your AdWords account from the main AdWords login page at https://adwords.google.com and make the changes directly within your account.

We’ve included more information below on how to avoid phishing. If you have any questions, please don’t hesitate to contact us at adwords-support (a) google.com.

Sincerely,
The Google AdWords Team

As always it’s important to make sure your logging in at the correct site (in this case google.com).

Popularity: 12% [?]