Xavier Media
The Antivirus Bug News and updates from the antivirus and Internet security business
Archive for the ‘Trend Micro’ Category

Watch out for files called start.html and begin.html

Tuesday, July 22nd, 2008

According to Trend Micro you should stay away from files called start.html, begin.html, r.html, main.html, news.html, and about.html since all these files will try to install a dangerous file called WATCH.EXE. This .EXE file contains malware called TROJ_AGENT.AYZO.

Since all these .html and .exe files are hosted on legitimate sites that have been hacked or compromised, it’s important to have a look at your address bar every now and then. It’s of course also important not to download files you don’t know are safe!

If you run your own web site, you have to upgrade all the blogging, forum and other software you use on your site as soon as a new security update is released. You should also look for files you know you haven’t uploaded (especially files called start.html, begin.html, r.html, main.html, news.html, and about.html).

If you host your web site on a Unix or Linux based server then it’s really easy to search for the *.html files. Just log on to your server via SSH and type find . -name "r.html" -print. This will search for all files called r.html in the current directory and in all subdirectories. If you have a large web site it may take some time :(
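The single-name search above, extended to all six filenames and WATCH.EXE in one pass. This is an added example, not part of the original post or of Trend Micro's advisory; the function name scan_webroot and the PAYLOAD/SUSPECT/REVIEW flags are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Searches a web root for the six
# .html names from the Trend Micro warning plus WATCH.EXE in one pass.
# -iname (GNU/BSD find) also catches variants such as R.HTML.

# scan_webroot DIR  ->  one "FLAG<TAB>PATH" line per match
#   PAYLOAD  file is named watch.exe
#   SUSPECT  listed .html name and the file mentions watch.exe
#   REVIEW   listed .html name only; confirm that you uploaded it
scan_webroot() {
    root=${1:-.}
    find "$root" -type f \( \
        -iname 'start.html' -o -iname 'begin.html' -o -iname 'r.html' -o \
        -iname 'main.html' -o -iname 'news.html' -o -iname 'about.html' -o \
        -iname 'watch.exe' \) -print |
    while IFS= read -r f; do
        name=$(basename "$f" | tr 'A-Z' 'a-z')
        if [ "$name" = "watch.exe" ]; then
            flag=PAYLOAD
        elif grep -qi 'watch\.exe' "$f" 2>/dev/null; then
            flag=SUSPECT
        else
            flag=REVIEW
        fi
        printf '%s\t%s\n' "$flag" "$f"
    done
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_webroot "$1"
fi
```

Names such as about.html and news.html are common on legitimate sites, so a REVIEW line only means the file should be checked against what you uploaded yourself.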



YAMSIA - Yet Another Massive SQL Injection Attack

Saturday, July 19th, 2008

Trend Micro has created the new word (or at least it’s the first time I’ve seen it) YAMSIA in one of their latest blog posts. YAMSIA stands for Yet Another Massive SQL Injection Attack, and this one is causing problems for certain .ASP pages.

The botnet behind this attack is the Asprox botnet and it has been around for quite some time :( . The botnet searches the web for certain .ASP pages and then launches an SQL injection attack against these pages when vulnerabilities are found.

The botnet adds a special .js file to attacked sites which points to yet another .js file on another domain. Depending on your country of origin you may be redirected to www.msn.com without any danger at all, but if you’re lucky enough to be let in, your computer will be attacked through several vulnerabilities - all with the intention of hooking your computer up to the botnet.

Trend Micro says:

Unfortunately, security is still a major issue with the majority of Web sites, and until it becomes one of the core design goals from the start of a Web site project, expect to see more YAMSIA (Can you tell I’m trying to get this mnemonic to stick?) blogs in the future.

Read the full story here, or start working on your insecure SQL code immediately.





© Copyright 1996-2008 Xavier Media. All rights reserved.