The Latest in IT Security

Old School Meets New School


In the "old days", when a hacker broke into your Web site, he’d usually "tag" it: post a new home page bragging to the world that he’d owned your site.

These days, when the Bad Guys break into your Web site, they usually keep very quiet about it, since they don’t want you (or anyone else!) to know that they’re there. This way, they can add malicious links or iFrames to your pages, or set up a link-farm, or otherwise use your site for their evil purposes.

Monday, we picked up another "Fake Facebook Foto" attack in our logs, and I went to take a look at the site hosting the malware payload, Here’s what I saw:

screenshot of brag-page on hacked site

Gee, you think maybe this is a hacked site?

Now that’s Old School hacking.

However, the next question is why an Albanian hacker group would want to announce to the world that they had hacked a site, and were now using it to serve a malware payload in a Fake Foto attack on Facebook. (Especially because most of the FFF attacks I see are conducted in either English or Portuguese…)

The answer appears to be that has such poor security that it was hacked at least twice, once by a "new school" Bad Guy, who wanted to quietly use it in a malware attack, and also by an "old school" hacker crew, who just wanted to show off…


Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments