IT-Security-Links #29

IT-Security-Links #27


IT-Security-Links #26


New wave of attack on Swiss Webservers

Author: Serge Droz

Since a few weeks SWITCH-CERT has observed a dramatic increase in sophisticated attacks on Swiss web servers. The compromised servers will then be used to distribute malware through drive-by attacks. We currently observe two different, although related, linux based attacks. Both deploy the black hole exploit kit as the actual drive-by infrastructure.

Both attacks are extremely difficult to detect for website owners, because:

  • The attacker code is in the server config, through modules, not in the content part
  • The black hole exploit kit returns malicious content only once per day and IP

The two attack waves have been dubbed darkleech and Cdorked respectively. Most attacks go after cPanel managed systems and target Apache. But this is not always the case: There are reports, that versions exist that target Lighttpd and nginx. Many of the compromised systems seem to also have a modified sshd, containing a backdoor installed. So if a compromise is detected, sshd must be cleaned, too. Sometimes it’s possible to spot tampered binaries through an integrity check, that various package managers offer. This obviously only works if a packet has been installed through a package manager. On cPanel based systems the webserver is not installed by this mechanism.

Continue reading “New wave of attack on Swiss Webservers”

IT-Security-Links #24

Mehr Drive-By Exploits auf gehackten Schweizer Webseiten

Als Drive-By Exploit oder Drive-By Download bezeichnet man es, wenn auf dem Computer eines Internetnutzers nur durch das Aufrufen einer Webseite im Browser automatisch und unbemerkt schädliche Software installiert wird.

Nach der Infektion mit schädlicher Software haben Kriminelle meist unbegrenzten Zugirff auf den Computer und die darauf gespeicherten Daten und versuchen damit Geld zu verdienen. Trojaner stehlen z.B. Zugangs- und Kreditkarteninformation des Benutzers oder greifen in sein Ebanking ein. Ransomware versucht durch Einschüchterung des Benutzers und durch Blockade des PCs Geld zu erpressen.

Gemäss eines Berichts (PDF) der “European Network and Information Security Agency” ENISA stellen Drive-By Exploits für 2013 die grösste Bedrohung für Internetnutzer dar. Dies bestätigen auch die Zahlen aus der Schweiz. Continue reading “Mehr Drive-By Exploits auf gehackten Schweizer Webseiten”

IT-Security-Links #23



IT-Security-Links #22


IT-Security-Links #21

IT-Security-Links #20

IT-Security-Links #18


IT-Security-Links #17

IT-Security-Links #11


  • Der neue SWITCH-CERT-Report (PDF) zu aktuellen Trends im Bereich IT-Security und Privacy ist online.

hashdays 2012 – Security-Konferenzbericht

Dieser Artikel wurde von Peter Haag geschrieben.

Vom 31. Oktober bis 3. November fanden dieses Jahr wieder die Hashdays statt. Es war die dritte Auflage dieser sehr erfolgreichen Security-Konferenz in der Schweiz. Luzern ist zudem immer ein attraktiver Ort speziell für die aus dem Ausland angereisten Teilnehmer.

Continue reading “hashdays 2012 – Security-Konferenzbericht”

Reducing malware infections in Switzerland

SWITCH helps reducing malware infections in Switzerland by a factor of four!

Malware is a big issue in Switzerland too. It comes in many flavours, there is malware which tries to get at your bank account, there is malware, that converts your PC in to a spam machine, the list could be extended.

Last we reported how we remedy websites that distribute this malware. But websites are not the only source of malware. Top on the list are also e-Mail attachments, supposedly originating from Lotteries, Postal offices and so on.

Many internet users get infected, worldwide and in Switzerland. So is that it? After an infection, will you be an eternal net-zombi? Not if you live in Switzerland. Thanks to its international network SWITCH-CERT receives a daily dose of reports about infected IP-addresses in Switzerland. By far the largest number come from Team Cymru‘s CSIRT Assistance Programm. But there are other sources, such as MELANI or our own sensors.

Continue reading “Reducing malware infections in Switzerland”