200,000 Web sites compromised

Cybercriminals have acquired administrative log-in credentials for more than 200,000 Web sites and have used the compromised domains to attack unsuspecting users' PCs with a notorious hacker exploit kit, according to a Computer World report. The compromised Web sites included those belonging to Fortune 500 companies, weapons manufacturers and the U.S. Postal Service's www.usps.gov.

According to Computer World, Ian Amit, director of security research at Aladdin Knowledge Systems Inc., found and infiltrated a server belonging to a longtime customer of Neosploit, a hacker tool kit used by cybercriminals to launch exploits against browsers and popular Web software such as Apple Inc.'s QuickTime or Adobe Systems Inc.'s Adobe Reader. On that server, Amit uncovered logs showing that two or three hacker gangs had contributed to a massive pool of Web site usernames and passwords.

More than half of the site credentials'approximately 107,000'had been validated by the cybercrooks' custom application as providing administrative access to the sites.

The site credentials were only the means to an end: 80,000 modified sites were used as attack launchpads. Each served up exploit code provided by the Neosploit kit to any visitor running a Windows system that had not been fully patched, Copmuter World reported.

To read the full Computer World report, click here.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected