Mass Hack Attack

As “Cnet”:http://www.news.com/8301-10784_3-9894181-7.html?part=rss&tag=feed&subj=NewsBlog and “ITNews”:http://itnews.com.au/News/72214,second-mass-hack-exposed.aspx reported, Trend Micro got hacked last week. It was later discovered that users who visited the site got lucky in a big way: “We now know that the redirect on the site was broken code,” Mr Sweeny, Trend Micro’s spokesperson, told “ITnews”:http://itnews.com.au/News/72184,trend-micro-details-its-recent-failed-web-attack.aspx. “It didn’t work properly and didn’t infect anybody.”

Additionally, ITNews reported that a different wave of infection has formed, and it involves working code. This “second mass attack”:http://itnews.com.au/News/72214,second-mass-hack-exposed.aspx is different, since it attempts to trick users into manually downloading an infectious codec.

The difference lies in the mode of attack, ASP versus phpBB, as “AvertLabs explains”:http://www.avertlabs.com/research/blog/index.php/2008/03/13/follow-up-to-yesterdays-mass-hack-attack/. ASP attacks tend to focus on exploits that target vulnerabilities in browsers or other software. The phpBB attacks use social engineering by exploiting the “cognitive biases”:http://en.wikipedia.org/wiki/List_of_cognitive_biases of users. I give the latter approach more points for interaction and creativity to manipulate users. Those points (sadly) get negated by the terminal result of those efforts.

Maybe the 200,000 users who went for the faux-porn offer (enough that they tried to download the player) should “remember”:http://www.download.com/8301-2007_4-9768006-12.html?part=rss&tag=feed&subj=TheDailyDownload that if the prize is too big, it’s probably not worth the download.
