Fair Use: Please note that use of the Netcraft Blog is subject to our Fair Use and Copyright policies. For more information, please visit http://news.netcraft.com/fair-use-copyright, or email info@netcraft.com.
  1. Republicans Blocking International Access to Official Sites

    The Republican Party appears to again be blocking Internet users from outside the United States from visiting its official web sites, with www.gop.com, www.rnc.org and www.GeorgeWBush.com all dropping traffic that originates outside North America. The timing and implementation of the blocking - which is now being provided through the political party's own web host rather than Akamai - suggests an ongoing interest in traffic filtering unrelated to the recent election.

    The sites are all hosted by the Republican National Committee, the official site of America's governing party, which currently controls the Senate and House of Representatives as well as the White House. The blocking expands a practice implemented on the GeorgeWBush.com domain during the final week of the U.S. presidential campaign, when the Bush campaign site used Akamai's content management service to manage incoming traffic, citing security concerns.

    On Nov. 24, the GeorgeWBush.com site stopped using Akamai and began having its domain name server (DNS) requests handled by the RNC's server, and redirecting traffic to the RNC's main site, gop.com. The RNC now appears to possess the capability to implement geographic blocking similar to the services Akamai provided for GeorgeWBush.com. Since Nov. 26, the rnc.org, gop.com and GeorgeWBush.com domains all show an identical pattern of failed requests from stations in London, Amsterdam and Sydney, while Netcraft's four U.S. monitoring stations show no performance problems.

    [Charts: GeorgeWBush.com site performance from Amsterdam; GeorgeWBush.com site performance from New York]

    A dynamically updating chart of site performance for GeorgeWBush.com is available here.

    Posted by Rich Miller on 30th November, 2004 in Performance

  2. SCO “own all your code”

    SCO's web site now proudly proclaims "We own all your code" and "pay us all your money".

    Some people might claim that this just represents a simplification in SCO's stance on Unix intellectual property, but a closer look reveals that the prominent image on their home page was the work of an attacker.

    [Image: sco1.gif]

    In addition to the two comments made by the image, a woman is also depicted writing "Hacked by realloc()", pointing to the same person responsible for an attack on the site yesterday.

    The same image also appears on SCO's backup site, thescogroup.com. It is not yet known whether this attack is related to the recent web site outages experienced on the site.

    Posted by Paul Mutton on 29th November, 2004 in Security

  3. Phishing Activity Surges Ahead of Holiday E-commerce Season

    Phishing activity has surged in recent weeks, according to new data from the Anti-Phishing Working Group (APWG), which found increases in both phishing attacks and the sites hosting them. The group documented 6,597 new, unique phishing email messages in October, more than three times the 2,158 seen in August.

    The APWG also cited 1,142 different web sites used in the October attacks, twice September's total of 584. That sharp rise in attacking sites suggests that phishing operations may be automating the deployment of attacks via hacked web servers.

    Posted by Rich Miller on 27th November, 2004 in Performance

  4. SCO Web Sites Experience Outages

    The main web site of The SCO Group has been offline for an extended period today, with several related domains affected as well. The main site at www.sco.com has just returned to service, with the alternate domain www.thescogroup.com having come back online earlier. TheSCOGroup.com was established as an alternate URL during the MyDoom-related denial of service attack on SCO in February, which kept www.sco.com offline for more than a month.

    [Chart: Site performance for www.sco.com]

    A dynamically updating graph of SCO-related sites is available here.

    Posted by Rich Miller on 22nd November, 2004 in Performance

  5. The Register Among Sites Serving Banner Malware

    Technology news site The Register today identified its ad serving provider, Falk AG, as the source of banner ads which spread an IFRAME exploit via its web site for more than six hours Saturday. The Register apologized to its readers and recommended that they check their machines for infections.

    Reports Saturday noted that the exploit appeared on numerous European sites, but it appears U.S. sites may have been affected as well. An analysis of the exploit by LURHQ noted that "one of the hacked sites included a well-known Hollywood film studio's website." Falk AG's client list includes numerous entertainment properties, including NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital. The Dutch news site Nu.nl has also acknowledged hosting the banner exploits.

    The Register said it is pursuing details of the event from Falk, which is expected to comment publicly on the incident Monday. The LURHQ analysis said some versions of the complex exploit installed adware onto users' computers, while other versions downloaded a remote-access trojan.

    Posted by Rich Miller on 22nd November, 2004 in Security

  6. IFRAME Exploit Spreading Through Banner Ads

    Banner ads appearing on popular European web sites have been directing traffic to sites that install malware on visitors' computers, according to the Internet Storm Center. The attacks are exploiting an unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.

    "Some high profile sites with banner ads are linking to servers that have the exploit and malicious code," according to an advisory on the ISC web site. The attack is an expanded version of banner-based exploits that first surfaced earlier this year. Banner networks, with their ability to place code on hundreds of outside sites, offer a vehicle for the rapid distribution of trojans and other malware, as well as a way to deface web pages. It is not clear whether the malicious code was being spread through a compromised ad server, or through specific banners submitted to ad networks.

    Posted by Rich Miller on 21st November, 2004 in Security
