Monday, 11 February 2013

Hazardous sites in Indonesia 22 January 2013, Sun Go Kong loses to Pegasus!

Software is like a pistol. In the hands of bad people, a real pistol, a toy gun or even a home-made pistol is widely used to commit crimes and becomes the gun involved in the crime. In contrast, in the hands of the Black Steel Knight, a gun is used to protect the good. Malware is similar: the software itself is essentially neutral and does whatever it was designed and instructed to do by its maker. It will execute any command against any target its creator chooses.

In its evaluation of online malware in Indonesia for January 2013, Vaksincom presents 20 Indonesian site pages detected as containing malware, for the attention of site visitors whose browsers have no protection against malware threats. Most of the malware was embedded by criminals who exploited vulnerabilities in the sites (which implies negligence by the site administrators in protecting them), and several other sites are the work of computer malware such as Ramnit, which is still actively circulating in Indonesia.

The victims of online malware vary. Most come from academia: junior high schools (SMP), polytechnics and even well-known universities can be victims. They are followed by government agencies and departments, and by companies and their subsidiaries, many of whose sites are victims of online malware and actively act against the visitors of the infected site. The last group is the private sector, both business and non-profit. Being a large publicly listed company, or being owned by an international network of companies, is no guarantee of safety from online malware attacks. Similarly, a philanthropic organization that works to help people was not immune from malware infection. The same goes for profit-oriented companies, such as one that sells liniment under the fearsome name kerasakti. This time kerasakti proved less powerful, because its site was infected with the JavaScript malware JS:Trojan.Script.AAL, which can do many things that hurt visitors, from simply displaying a specific message, to diverting internet traffic, to delivering malware to the visitor's computer, whenever the malware author orders it.

JavaScript and Redirector

The champion malware types, those that most commonly infect internet sites in Indonesia, are JavaScript and Trojan redirector malware such as JS:Trojan.Script.AAL, also known as JS:ScriptIP-inf, and Trojan Redirector. A few examples of what this malware does follow:

If Trojan Redirector infects a site successfully, it immediately diverts access, as shown in figures 1 and 2.

Figure 1, the initial stage of the redirect from a site infected with Trojan Redirector

Depending on the wishes of the malware author, Redirector sends visitors to another site. In the experiments Vaksincom conducted, visitors were redirected to a site offering body slimming. Still lucky (always lucky :p) that they were not redirected to porn sites or sites that contain malware.

Figure 2, access to a government site is then redirected to the site of a seller of body slimming products.

The actions of JavaScript malware such as JS:ScriptIP-inf carry a higher risk, because it can drive the site's visitors to download other malware using the "drive-by download" technique, and JS:ScriptIP-inf also often disguises itself as good software to fool the victim into activating it.

As for how JS:ScriptIP-inf can infect an internet server: most likely it exploits web server vulnerabilities to embed itself, and it then automatically shows up on the sites visited by injecting itself into certain parts of the site (see figure 3).

Figure 3, injected JavaScript that directs access to advertising sites for the benefit of the malware author.

JavaScript malware does not discriminate among its victims. According to Vaksincom's watchlist, large corporate sites, of companies already publicly listed and of a large European group of companies, have become victims of the infection (see figure 4).

Figure 4, the world's publicly traded companies that are victims of JS:ScriptIP-inf, detected by G Data Total Protection 2013 as JS:Trojan.Script.AAL

How to prevent it

If you are a webmaster, one effective way to avoid becoming a victim of JavaScript injection is to be disciplined about patching and closing your web server's vulnerabilities. Security is a process; it cannot be achieved by blaming others while we fail to look inward, analyze what security gaps and weaknesses exist, and close them so that the site becomes harder to hack or infect with malware.

Security is a process, and we cannot buy safety or security. It is like a padlock: you can buy a state-of-the-art padlock, but that padlock must be mounted on a strong fence in the correct way, and the key must not be left lying around where others can take or copy it. In addition, even if the lock cannot be tampered with, if the fence is weak a thief can still get in through other weak parts of the fence or wall.

In this case, Vaksincom advises webmasters to find a reliable hosting company that maintains and updates its web servers on a regular basis. If you want to do it yourself, make sure that all security aspects are covered: protection of the web server, DNS and others should all be a concern.
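One way a webmaster can check pages for the kind of injected script or redirect described above, as an added example that is not Vaksincom's code: it flags scripts, iframes, meta refreshes and inline script redirects that point outside an allowlist of hosts. The allowlist, the host names and the two sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site legitimately loads content from (assumed allowlist).
ALLOWED_HOSTS = {"www.example.com", "static.example.com"}
# Script navigation to a literal absolute URL: location = "...", location.replace("...")
JS_REDIRECT = re.compile(
    r"""location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*["'](https?://[^"']+)""",
    re.I)
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

def is_external(url):
    host = urlparse(url or "").hostname  # None for relative URLs
    return host is not None and host.lower() not in ALLOWED_HOSTS

class InjectionAudit(HTMLParser):
    """Collects (kind, url) findings for content that points off the allowlist."""
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.in_script = self.in_script or tag == "script"
        if tag in ("script", "iframe") and is_external(a.get("src")):
            self.findings.append((f"external-{tag}", a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_URL.search(a.get("content") or "")
            if m and is_external(m.group(1)):
                self.findings.append(("meta-refresh", m.group(1)))
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:  # body of an inline <script>
            self.findings += [("js-redirect", u) for u in JS_REDIRECT.findall(data)
                              if is_external(u)]

def audit(html):
    parser = InjectionAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages: one clean, one with injected content.
CLEAN = '<html><head><script src="/js/site.js"></script></head><body>Hi</body></html>'
INFECTED = ('<html><head><meta http-equiv="refresh" content="0; url=http://slimming.example/">'
            '<script src="//ads.example.net/x.js"></script></head><body>'
            '<script>window.location.href = "http://slimming.example/buy";</script>'
            '</body></html>')
```

Running `audit()` over each page of a site after every deployment, and comparing the findings with the previous run, shows when a page has started pointing somewhere new.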

If you are a site visitor or a lay computer user, Vaksincom recommends that you use an antivirus program with a "Web Protection" capability (see Figure 5), because it has proved capable of protecting you from malware threats that lurk in the browser (see Figure 6).

Figure 5, the G Data Total Protection 2013 protection feature that protects you from malware lurking in the browser

Figure 6, G Data Protection acts immediately to block a web site that contains malware, and is compatible with Firefox, Chrome and Internet Explorer.

The list of 22 Indonesian sites detected as containing malware throughout January 2013 can be seen in figure 7 below. As at January 30, 2013, the majority of the sites still contain malware and have not been cleaned. Some site administrators whom Vaksincom contacted responded well and quickly dealt with the malware infection on the sites they manage. This is important because a site that contains malware indirectly poses a threat to its visitors, who could be your customers (if you are a company), your people (if you are the government) or your principals and suppliers, and this will definitely damage the image of the company or organization.

Figure 7, list of several pages infected with malware in Indonesia, January 2013

Source: , translated by Yohanes Gitoyo, S.Pd., January 30, 2013

