Iframes Injection Trojan Downloader Virus Hacking Sites and Desktops Protection

sitenews / Strategic News Aug 28, 2008 - 12:11 AM

By: Nadeem_Walayat

The Market Oracle web site was hacked on Saturday the 23rd of August 2008 at 10.42am (CST).

The site was down for 5 hours on Saturday. Once we had brought it back online, we attempted to determine exactly what had happened to bring it down.


Server Glitch or Hack?

Our initial reaction was that some of the site's system files on the server had become corrupted due to a server error, as the server has one of the best anti-virus packages installed (Kaspersky), plus mod security and protection against brute-force hacking attempts, which have thus far prevented any successful hacking of the web site for several years.

On investigation we found that the site was definitely brought down by malicious action rather than a server glitch: code had been injected into some of the site's pages, the aim of which was to redirect visitors to the hacker's own site via iframes.

On realizing this we immediately suspended the site whilst we worked out how to cleanse it of the injected code and ascertain who hacked us and how.

The Market Oracle site system files were replaced from a clean backup, which enabled us to bring the site back online during the 27th of August 08.

Desktops Compromised Not Server

After extensive analysis, we ascertained that the most probable route for the successful hack was a compromised desktop that gave FTP access to the server, which implies that the server itself was not directly hacked. The virus most probably arrived via one of the three desktop systems that we use to maintain the web site; despite the anti-virus software installed, the likely cause was a visit to a compromised web site whose owners were unaware that it had been compromised.

We wiped all three computers, which disrupted our ability to update the Market Oracle web site with new content for 4 full days.

Additionally, content updates during the 27th of August were limited as we suspended FTP access to the server.

Who hacked us and Why?

Initially we thought that the hacking was a consequence of our recent articles on the New Cold War brewing over the Russia / Georgia conflict. However, we tracked the source of the virus down to South Korea and further to the Chung-Ang University.

The aim of the attack appears to be to spread a trojan downloader virus that attempts to infect more desktops, with the aim of eventually infecting more web sites via FTP access and thereby propagating itself. Furthermore, the Chung-Ang University source of the virus attempts to download numerous additional viruses onto desktops via the trojan downloader.

Research has revealed that thousands of web sites are being compromised on a daily basis including government web sites, with many of the web sites unaware that they have been compromised. A search for iframe injection reveals the extent of the problem.

Defence Against Iframes compromised Websites

Immediate action can be taken to prevent the code within iframes on compromised websites from executing, by the following procedure:

In Internet Explorer navigate to Tools - Internet Options - Security tab - Custom Level

Under Miscellaneous

Launching programs and files in an IFRAME - DISABLE

Navigate sub-frames across different domains - DISABLE

Defence against Hacking / Virus attacks in General

The defence for servers is to ensure FTP access is highly restricted, and to maintain up-to-date anti-virus, mod security and secure permissions, together with server script monitoring that flags any changes to site system files.
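One way to do the file-change monitoring described above, as an added example (not Market Oracle's own script): hash every site file against a baseline taken from a clean backup, then check new or modified files for iframes that point off-site. The function names, the sample pages and the host `injected.example` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Captures the src value of any <iframe> tag, quoted or unquoted.
IFRAME_SRC = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def foreign_iframe_hosts(html, own_hosts):
    """Hosts of iframe sources that point off-site; relative URLs are skipped."""
    hosts = {urlparse(src).hostname for src in IFRAME_SRC.findall(html)}
    return sorted(h for h in hosts if h and h not in own_hosts)

def audit(root, baseline, own_hosts):
    """Compare the live tree with the baseline and inspect what changed."""
    current = snapshot(root)
    added = sorted(current.keys() - baseline.keys())
    modified = sorted(p for p in current.keys() & baseline.keys()
                      if current[p] != baseline[p])
    iframes = {}
    for path in added + modified:
        text = (Path(root) / path).read_text(errors="replace")
        hosts = foreign_iframe_hosts(text, own_hosts)
        if hosts:
            iframes[path] = hosts
    return {"added": added, "modified": modified,
            "removed": sorted(baseline.keys() - current.keys()),
            "foreign_iframes": iframes}

def demo():
    """Constructed site: baseline taken clean, then one page is tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "index.html").write_text("<html><body>Home</body></html>")
        (site / "about.html").write_text('<iframe src="/charts/widget.html"></iframe>')
        baseline = snapshot(site)  # in practice: taken from a known-clean backup
        # Constructed sample of an injected tag; the host is a placeholder.
        (site / "index.html").write_text('<html><body>Home<iframe src='
            '"http://injected.example/in.php" width="0" height="0"></iframe></body></html>')
        return audit(site, baseline, own_hosts={"www.marketoracle.co.uk"})

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the FTP account cannot write, otherwise whoever alters the pages can alter the reference hashes as well.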

The defence for desktops is to ensure that good anti-virus and anti-malware software is installed, such as Kaspersky. Additionally, AVG offer a free version of their anti-virus that does not expire. Purchasing a good anti-virus package for $30 to $60 is probably the best investment you will make.

Regular Backups

This experience also illustrates the importance of making regular backups of system files and data. In this age of cheap removable storage this is no longer a time-consuming exercise, as a monthly backup can be completed within a matter of minutes.

What if you are already infected?

Then it's probably too late to install an anti-virus package, as your system has already become infected.

The best course of action is usually to wipe the desktop and restore from a backup. If you do not backup then you should copy your documents / data before performing a fresh install, and ensure you run a full anti-virus scan on your data before you access it.

By Nadeem Walayat
http://www.marketoracle.co.uk

Copyright © 2005-08 Marketoracle.co.uk (Market Oracle Ltd). All rights reserved.

Nadeem Walayat has over 20 years experience of trading, analysing and forecasting the financial markets, including one of few who both anticipated and Beat the 1987 Crash. Nadeem is the Editor of The Market Oracle, a FREE Daily Financial Markets Analysis & Forecasting online publication. We present in-depth analysis from over 150 experienced analysts on a range of views of the probable direction of the financial markets. Thus enabling our readers to arrive at an informed opinion on future market direction. http://www.marketoracle.co.uk

Disclaimer: The above is a matter of opinion provided for general information purposes only and is not intended as investment advice. Information and analysis above are derived from sources and utilising methods believed to be reliable, but we cannot accept responsibility for any trading losses you may incur as a result of this analysis. Individuals should consult with their personal financial advisors before engaging in any trading activities.



Comments

Simon Lawrence
29 Aug 08, 03:05
Checking your desktop

Hi,

I run AVG on both my home computers. One of them did block an attempt to download a Trojan through javascript from your site while it was compromised. The other did not report anything at all and I probably visited your site during the same day with that machine. AVG on both machines now report clean scans. In your opinion are both computers likely to be clean? If not, what specifically should I look out for?

Also how is the book coming along? I look forward to reading on its completion.

Simon Lawrence


Nadeem_Walayat
29 Aug 08, 11:12
AVG

Hi

Reboot into safe mode and run a full scan.

The book is on hold, I literally have a mountain of work to get through, no time for the luxury of finishing a book, maybe sometime next year.

Best.

NW


