Sometimes in this line of work, I feel like Mickey Mouse in fantasia. Just when he thought he had the broom under control, (by smashing it) there was another one, and another, and another!
Like other Trojans, Sinowal uses an HTML injection feature that effectively injects new Web pages or information fields into the affected victim's Internet browser -- and these injections seem like legitimate pages to the victim.
Trojan Caught Stealing Data From Hundreds of Thousands - Trojan horse/Vulnerabilities - DarkReading
what to do?
If you're the owner of the webpages -
- Regularly schedule penetration tests.
- Validate all new code being published is tested and secure.
- Establish credential management programs
If you're the consumer, use something like McAffee SiteAdvisor to validate a webpage is ok before you go to it.
Posts
No comments:
Post a Comment