Trend Micro is reporting this morning about manipulated ratings at eBay.co.uk. The ratings at eBay show a user’s history using stars. The more stars a user has (five is the maximum), the more successful trades that user has completed and the more the user can be trusted.
The manipulation works like this. The unsuspecting user visits one of the auction pages at eBay which contains an embedded (and hidden) Shockwave file. The user is redirected to a .aspx file in Russia, which means that the user is doing business with someone he can’t identify. So be alert when you do business on eBay. Make sure you’re still at the eBay site at all times!
If you’re using WordPress you should make sure that you’re using the latest version (at the moment 2.3.3) and that you’ve removed all the old files, so no one can take advantage of a security hole in the old files. Shoemoney.com is reporting that people claim to have had hidden links (or even iframes) injected into their latest installations of WordPress.
First I want to say I have never seen any evidence of a fresh 2.3.3 install of WordPress.
The issue most likely comes from either a previous exploitable file still existing in your WordPress install directory or from someone who has already hijacked your admin cookie. You see, there were some wicked exploits in earlier versions that allowed people to hijack your admin cookie which authenticates you (keep me logged in).
So the advice is to always keep your installations up to date, change passwords regularly and remove old files left over from previous versions of your installation. This is true not only for WordPress, but for everything installed on your server, for example phpBB.
It is also a good idea to keep a backup of your database at some location other than your current server. WordPress has a few good plugins that can email your database to you on a daily basis, or, if you can, you should set up your web server to send a backup of your entire site to a remote FTP account.
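One way to act on the advice to remove old files, as an added example that is not from the original post: compare the live install with a freshly unpacked copy of the same release, then list files that exist only on the server and files whose content differs from the release. The directory layout, the skip list and the sample file names are assumptions; `wp-content` is skipped here, so themes and plugins need a separate check.

```python
import hashlib
import tempfile
from pathlib import Path

# Site-specific paths that legitimately differ from a clean release (assumption).
SKIP = ("wp-content/", "wp-config.php", ".htaccess")


def file_hashes(root):
    """Map each file's path (relative to root, POSIX style) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def audit_install(install_dir, clean_dir):
    """Return (leftover, modified) for a live install versus a clean release copy.

    leftover: files on the server that the release does not ship (old-version debris
              or dropped files); modified: shipped files whose content has changed.
    """
    clean = file_hashes(clean_dir)
    live = {p: h for p, h in file_hashes(install_dir).items() if not p.startswith(SKIP)}
    leftover = sorted(p for p in live if p not in clean)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    return leftover, modified


def build_demo_trees(base):
    """Constructed sample trees standing in for a clean release and a live site."""
    shipped = {"index.php": "<?php // loader\n", "wp-includes/version.php": "<?php // v\n"}
    clean, live = Path(base, "clean"), Path(base, "live")
    for root in (clean, live):
        for rel, body in shipped.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Constructed: a file left behind by an older version, and an altered core file.
    (live / "wp-includes/old-helper.php").write_text("<?php // from an older release\n")
    (live / "index.php").write_text("<?php // loader\n// appended line\n")
    (live / "wp-content").mkdir()
    (live / "wp-content/upload.txt").write_text("user content\n")  # skipped by audit
    return live, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        leftover, modified = audit_install(*build_demo_trees(tmp))
        print("leftover files:", leftover)
        print("modified files:", modified)
```

Review anything reported as leftover before deleting it, and replace modified files with the copy from the clean release.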
Over the past few days, more than 200 000 pages (most of them using phpBB) have been compromised with an exploit, according to McAfee.
This video shows what it looks like on the user’s side: March 2008 - Mass Hack Demo from Schmooog on Vimeo.
If you have a forum using phpBB, you have to make sure you’re using the latest version. Back in 2004 another mass hack of phpBB occurred, so this is not the first (and absolutely not the last) time the users of phpBB forums learn the hard way how important backups are.
Welcome to the latest blog from Xavier Media about antivirus software, the latest virus threats and how to protect yourself and your computer from scumware, trojans and other malware.
The virus map found on the main page is constantly updated with the latest threats you need to look out for. You can also “zoom in” on your region to see what’s going on in your part of the world.
Thanks to our friends at Trend Micro you can also scan your computer for viruses completely free by visiting this page.
More features and articles on how to protect yourself will be added shortly, and I really hope that you like the new and improved antivirus page from Xavier Media.