Security Community Blog

As we all know there is a mass attack of /*LGPL*/ and /*Exception*/ type script on websites. I have seen plenty of websites infected with this type of infection and finally I decided to write a script to remove the codes inserted in files all over the server directories.

As a new version of /*LGPL*/ and /*Exception*/ is out in wild. The code inserted in web pages after the BODY Tag or at end of Javascript files looks a bit like.

<script>/*LGPL*/ try{ window.onload = function(){var C1nse3sk8o41s = document.createElement('s&c^$#r))i($p@&t^&'.repl

<script>/*Exception*/ document.write(.....)

<script>try{window.onload=function(){(.....)

The SCRIPT tag above is not present in javascript(.js) files.
Well it is just another type of IFRAMER worm. Once deobfuscated, it loads javascript from
[http][POPULAR-DOMAIN-NAMES].easylifedirect.ru:8080/[POPULAR-DOMAIN-NAMES]/google...

Posted on behalf of Paul Wood

This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead.

We concur that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few.

That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys.
So without further ado, I present to you...

Everyone knows USB drives are a huge chance for losing data.  I found a way to make that worse.
 
I bought a USB drive for my wife to use on her personal laptop.  We all carry at least one of these.  Her drive stopped be recognized, let alone work on the system. 

Since it had only been used 3 times, i wanted the manufacturer to replace it under warranty.  They offered to exchange it only if i send it back with drive intact.  I was shocked that they required me to send it back.  They had a fax number that if i was with the government and can send letterhead of such an organization asking to not send the drive, and they will exempt it.

So a new drive cost $60-$150 depending on size.  Having personal, let alone any corporate data on the drive and it falls into the wrong hands, which if it is being sent in a box that says what company makes the drive or is addressed to the company, it would be easy for someone...