Check out this page at azarask.in. They demonstrate a new method of phishing. A page you are looking at can auto-switch to a page that resembles a page of a trusted website such as gmail, facebook, paypal, or online banking. Part of the attack involves changing the favicon of the page and monitoring for page inactivity.
Tuesday, May 25, 2010
Tuesday, May 18, 2010
Owners of self-hosted WordPress based websites should make sure that their FTP and wordpress passwords are secure. Also review your WordPress installation to make sure that it is up to date. The current version is 2.9.2. Sites hosted on WordPress.com are not affected.
Intruders in recent weeks have hacked a large number of websites created through the WordPress blogging platform to spread malware, with another major campaign launched on Thursday, security researchers said.
In addition to WordPress blogs, websites created with other PHP-based platforms, including the Zen Cart eCommerce solution, were affected by the attacks, Regina Smola, co-founder of WPSecurityLock, a provider of WordPress security services, told SCMagazineUS.com on Tuesday.