Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

‘Discreet’ little malware ‘iframe’

p2pnet news | Security:- UK-based writer and broadcaster Bill Thompson says he thinks his blog was hacked sometime last week, “and a discreet little <iframe> linking to a malware hosting site was added to the 30boxes widget you can see on the right”.

He goes on:

It wasn’t 30boxes’ fault - the widget code hadn’t changed, so I assume that something managed to inject the relevant line of code into my database by exploiting a flaw in WordPress.

I’ve just upgraded to WordPress 2.3 and have checked what I can, but am still investigating as I’d like to know what the hole was so I can be sure it is patched. And I apologise to anyone who got a nasty alert message when they visited when using IE.

Special thanks go to John Warlow, who was trying to figure out how to fix the RSS feed coming from the del.icio.us entries (something that bugs me too!) and took the time to email me about the site’s attempt to download VBS.Phelp onto his PC. And no thanks to Google/Stopbadware who flagged the site as infected but didn’t bother to tell me they had done so, or offer any indication as to what the problem actually might have been.

Interesting.
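
A defender's check for the situation Thompson describes, added here as an example (it is not code from his post, from WordPress or from p2pnet): it parses HTML fragments exported from the blog database and flags any iframe that points at a host outside an allowlist or is sized or styled to be invisible. The allowlist hosts, row names and sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Hosts the owner expects to embed (assumption for this example).
ALLOWED_HOSTS = {"30boxes.com", "www.30boxes.com"}

class IframeFinder(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})

def is_hidden(attrs):
    """True when the frame is sized or styled so a visitor would not see it."""
    tiny = any(attrs.get(d, "").strip().lower().rstrip("px") in {"0", "1"}
               for d in ("width", "height"))
    style = attrs.get("style", "").replace(" ", "").lower()
    return tiny or "display:none" in style or "visibility:hidden" in style

def audit_fragment(name, html, allowed=ALLOWED_HOSTS):
    """Return (row name, host, reasons) for each suspicious iframe in one fragment."""
    finder = IframeFinder()
    finder.feed(html)
    findings = []
    for attrs in finder.frames:
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        reasons = []
        if host and host not in allowed:
            reasons.append("unexpected host")
        if is_hidden(attrs):
            reasons.append("hidden")
        if reasons:
            findings.append((name, host, reasons))
    return findings

# Constructed rows standing in for widget/post text exported from the database.
SAMPLE_ROWS = {
    "widget_calendar": '<script src="http://30boxes.com/w.js"></script>'
                       '<iframe src="http://malware.example/x" width="1" height="1"></iframe>',
    "post_12": '<iframe src="http://www.30boxes.com/cal" width="300"></iframe>',
}
def audit_all(rows=SAMPLE_ROWS):
    return [f for name, html in rows.items() for f in audit_fragment(name, html)]

if __name__ == "__main__":
    print(*audit_all(), sep="\n")
```

Running it over a periodic database export and comparing against the previous run shows when a stored widget or post has gained a frame, even if the widget's own code is unchanged.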

“I noticed that a small 6px x 5px gif appeared for a while on p2pnet right at the bottom of the page, and I think it could be a minor privacy hazard,” Andy emailed me a little while ago.

I’d meant to check it out. But I forgot.

Andy goes on:

Here’s why: its properties include the referrer tag … with the previous page tacked on the end. So a user visits a private site … and follows a link to a p2pnet story. Then the user saves the page, and emails it to a friend (or his boss). The recipient can then see, in the image properties, where the user had previously been browsing.

I’m pretty sure the .gif on this site was to allow WordPress to gather statistics. But you never know, especially if you run the kind of blog which has potential interest for certain undesirables ………

Jon


Also See:
Bill Thompson - Malware and my blog, October 23, 2007

