WordPress has grown in popularity in recent months, emerging as a leading free alternative to Movable Type, which alienated many users with new licensing terms. The vulnerability could allow hackers to create a URL that generates pages in WordPress from content created by the hacker, rather than the site owner. An unsuspecting user following such a link would be sent to the trusted WordPress-based site, but encounter fake content that could include a range of exploits, such as links that infect their computers with spyware or trojans.
The spoofed page includes a form and asks the user to provide their Social Security number, ATM card number, ATM password/PIN, and the last four digits of their SunTrust account. The "bait" in this phishing scam is an email with the subject "SunTrust Bank - Suspicious Activity Suspected" with a spoofed return address of "services@suntrust.com." The mail tells SunTrust customers that "your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information." The mail includes a link to the investor relations page of the SunTrust site, which is manipulated to insert the spoofed page from a remote server at the IP address 194.47.244.145, located at Lund University in Sweden.
Authorize.net "successfully installed industry leading solutions designed to negate the impact of (DDoS) attacks," the company said over the weekend. "These installations are successfully thwarting a current and sustained attack with no DDoS-related degradation to our service whatsoever."
It's been a turbulent month for companies offering credit card processing for web site operators. PaySystems discontinued its third-party transaction processing service Aug. 16, and last week Authorize.net's operations were disrupted by a distributed denial of service (DDoS) attack.
Now the status of online payment processor iBill is in flux after its acquisition by Care Concepts Inc. was rescinded. Both Care Concepts and the seller, Penthouse International, say they hope to complete the deal at a future date.
Payment processing services allow web site owners to accept credit cards without a merchant account, offering to process transactions for third parties for a fee. The growth of third-party processors opened the e-commerce market to smaller companies, especially web hosting resellers and operators of adult sites.
Security groups are split on whether the image succeeds in its attempt, but most agree that the incident is a precursor to a more ambitious exploit with improved code. Others maintain that fears of a "JPEG of Death" wreaking havoc on the Internet are overdone, even as reports emerge that the vulnerability in Microsoft's Graphics Device Interface (GDI) is showing up in numerous non-Microsoft applications.
The malicious JPEG was sent to several Usenet newsgroups that post pornographic images. Some security researchers say early tests show the exploit crashes Windows XP machines when it is opened, but stops short of compromising computers. But maintainers of EasyNews, a web-based interface for reading Usenet, say the image installs a trojan. "Once this JPEG overflowed GDI+, it phoned home, connected to an ftp site and downloaded almost 2 megs of stuff," according to a message from EasyNews. "It installs a trojan that installs itself as a service."
The critical security hole allows a remote attacker to create a JPEG image that, when viewed in Microsoft software programs, could allow the hacker to gain control of the computer. The flaw was revealed by Microsoft Sept. 14, along with a security update that addresses it. Code that partially exploits the flaw was published last week, and has been rapidly developed into code that could be used in a virus or worm.
The latest exploit, published this morning on the Full Disclosure mailing list, claims to be able to create an administrator-level account on Windows machines. Another published exploit reported by AusCERT allows the execution of code on the remote machine.
"Authorize.net continues to experience a series of large scale distributed denial of service (DDoS) attacks," the company said in a statement on its web site, calling the attacks "unprecedented in their severity and tenacity." The company said the attacks have caused periodic outages for merchants using its service to process credit card payments. Some customers were able to process transactions from existing accounts, but were unable to sign up new accounts.
Alabanza hosts more than 188,000 hostnames, and specializes in the reseller hosting market. Its customers include 30 companies hosting 1,000 hostnames or more, including Apollo Hosting (13K) and ChristianWebHost (12K).
A dynamically updating graph is available here.
On Friday night, a tornado spawned by the remnants of Ivan ripped the roof off a data center in Ashburn, Va. that housed the beta site of the online game World of Warcraft, which posted pictures of the damage. Water leaked onto the servers, forcing a shutdown of the system, which was still down early Monday. WoW recently announced a deal to host the site with AT&T, which has a data center in Ashburn's Beaumont Corporate Park.
The flaw is worrisome because it affects a wide range of Microsoft software, including the Microsoft Office suite and most versions of the Internet Explorer browser, which regularly handles JPEG images housed on web sites. The JPEG standard (short for Joint Photographic Experts Group) is one of the primary graphic formats used in web sites, along with GIF and PNG.
MyDoom.W is lightly circulated at present, and has had no visible effect on Symantec's operations. According to Symantec, the worm programs infected machines to send a GET request to www.symantec.com on port 80 every 300ms from now through Oct. 1. Other antivirus firms say the attack is not scheduled to begin until Sept. 29. The antivirus vendors can't seem to agree on a name, either, as the worm is also identified as MyDoom.X and MyDoom.Y by various providers.
If the author's intent is to interfere with Symantec's ability to distribute virus definition updates to customers, he/she is using the wrong URL, as www.symantec.com is the company's main business web site. Virus updates are distributed via liveupdate.symantecliveupate.com, which uses Akamai's content distribution network to speed downloads and defend against DDoS attacks.
The data showed continued growth among country code top-level domains (ccTLDs), which now account for 39 percent of all domain registrations. Renewal rates for .com and .net addresses reached 72 percent, the highest ever, after dropping as low as 45.7 percent in early 2003.
On the pricing front, the only change in .com pricing among major providers comes from Go Daddy, which lowered its .com price by a dollar to $7.95, an expected response to the introduction of $9.95 domain pricing from Yahoo.
Sniffers are devices that monitor network traffic, and are a useful network administration tool. They can also be useful to hackers, who install them on compromised computers to monitor and intercept packets flowing through a network. This in turn enables the attacker to capture unencrypted usernames and passwords, which can be used to compromise additional machines on the network.
In the three years since the Sept. 11 attacks, Wall Street firms have gradually shifted key parts of their IT infrastructure out of New York, moving backup data hundreds of miles away and building a dedicated IP-based extranet to prevent future terrorist attacks from disrupting the financial markets.
Terrorism concerns are high on Wall Street following last month's warnings that Al Qaeda has targeted New York-area financial sites. Since the 2001 attacks, regulators in Washington have been prodding Wall Street firms to create widely-distributed data backup networks that can have markets back online within hours of a worst-case scenario attack, including a nuclear event. Data backup, mirroring and transfer are critical elements of these plans.
As Rackshack, EV1Servers pioneered the $99 dedicated server, growing from 200,000 hostnames at the start of 2003 to more than 833,000 this month. But that growth has slowed, with a net gain of just 52,000 hostnames in the past five months. Internal issues, including a data center expansion and server availability bottlenecks, have been a factor. But EV1Servers has also found itself squeezed by competitors on both ends, with some competitors offering even cheaper servers, while others focused on managed services.
"I've become strongly convinced that being a good hosting provider in 2004 takes more than fast reboot times and affordable monthly fees," said Robert Marsh, CEO of EV1Servers.

Bot networks aggregate computers that have been compromised with trojans, allowing them to be remotely controlled by hackers. In the past year, the proliferation of e-mail-borne viruses and auto-downloading trojans has dramatically increased the number and size of botnets, which now have economic value as spam engines and tools in DDoS blackmail schemes. Compromised "zombie" machines were recently found on the networks of the U.S. Defense Department and Senate.
New.net continues to gain traction for its domain registration service, which operates outside the traditional ICANN domain system. New.net added nearly 52K hostnames last month, marking its third consecutive month of strong percentage growth, as measured by our Hosting Provider Switching Analysis. The company now hosts more than 130K hostnames.
New.net domains (which include .shop, .xxx, .ltd and .mp3) aren't recognized by the centralized domain name system, but are accessible to customers of partner ISPs or those who have downloaded software enabling New.net domains. Other domain registrars - including BulkRegister and RegisterFly - are now reselling the new.net extensions at prices ranging from $17.99 to $20.99. New.net claims that 180 million Internet users worldwide are able to access sites using its domains.
NR Software had the largest single percentage jump last month, gaining 57K hostnames switching from LasVegas.net.
Apache's decision, outlined in a letter to the Internet Engineering Task Force (IETF), culminates weeks of discussion among the IETF, Microsoft and open source advocates over whether Sender ID could work as a standard framework for anti-spam measures.
"The current Microsoft Royalty-Free Sender ID Patent License Agreement terms are a barrier to any (Apache) project which wants to implement Sender ID," Apache chairman Greg Stein said in the letter. "We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0. Therefore, we will not implement or deploy Sender ID under the current license terms."
During August all of the hosters monitored experienced some failed requests, with iPowerWeb, Italian hoster SeeWeb and Rackspace the most reliable sites during the period.
For the first time, Linux is the dominant operating system, with five of the top ten running their sites on a Linux distribution.