SCO “own all your code”

SCO's web site now proudly proclaims "We own all your code" and "pay us all your money".

Some people might claim that this just represents a simplification in SCO's stance on Unix intellectual property but a closer look reveals that the prominent image on their home page was the work of an attacker.

sco1.gif

In addition to the two comments made by the image, a woman is also depicted writing "Hacked by realloc()", which corresponds to the same person responsible for an attack on the site yesterday.

The same image also appears on SCO's backup site, thescogroup.com. It is not yet known whether this attack is related to the recent web site outages experienced on the site.

Phishing Activity Surges Ahead of Holiday E-commerce Season

Phishing activity has surged in recent weeks, according to new data from the Anti-Phishing Working Group (APWG), which found increases in both phishing attacks and the sites hosting them. The group documented 6,597 new, unique phishing email messages in October, more than three times the 2,158 seen in August.

The APWG also cited 1,142 different web sites used in the October attacks, twice September's total of 584. That sharp rise in attacking sites suggests that phishing operations may be automating the deployment of attacks via hacked web servers.

Continue reading

SCO Web Sites Experience Outages

The main web site of The SCO Group has been offline for an extended period today, with several related domains affected as well. The main site at www.sco.com has just returned to service, with the alternate domain www.thescogroup.com having come back online earlier. TheSCOGroup.com was established as an alternate URL during the MyDoom-related denial of service attack on SCO in February, which kept www.sco.com offline for more than a month.

Site performance for www.sco.com

A dynamically upgrading graph of SCO-related sites is available here.

Continue reading

The Register Among Sites Serving Banner Malware

Technology news site The Register today identified its ad serving provider, Falk AG, as the source of banner ads which spread an IFRAME exploit via its web site for more than six hours Saturday. The Register apologized to its readers and recommended that they check their machines for infections.

Reports Saturday noted that the exploit appeared on numerous European sites, but it appears U.S sites may have been affected as well. An analysis of the exploit by LURHQ noted that "one of the hacked sites included a well-known Hollywood film studio's website." Falk AG's client list includes numerous entertainment properties, including NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital. The Dutch news site Nu.nl has also acknowledged hosting the banner exploits.

The Register said it is pursuing details of the event from Falk, which is expected to have public comment about the incident Monday. The LURHQ analysis said some versions of the complex exploit installed adware onto users' computers, while other versions downloaded remote-access trojan.

Continue reading

IFRAME Exploit Spreading Through Banner Ads

Banner ads appearing on popular European web sites have been directing traffic to sites that install malware on visitors' computers, according to the Internet Storm Center. The attacks are exploiting an unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.

"Some high profile sites with banner ads are linking to servers that have the exploit and malicious code," according to an advisory on the ISC web site. The attack is an expanded version of banner-based exploits that first surfaced earlier this year. Banner networks, with their ability to place code on hundreds of outside sites, offer a vehicle for the rapid distribution of trojans and other malware, as well as a way to deface web pages. It is not clear whether the malicious code was being spread through a compromised ad server, or through specific banners submitted to ad networks.

Continue reading

Flexible Plans Drive Huge Growth at The Planet

It's been a huge year for The Planet, the Dallas-based hosting provider that has grown from 124K hostnames in January to more than 578K this month. A key factor in The Planet's growth has been the success of its Total Control Server program, which launched in March and just brought its 2,500th server online.

Total Control Servers target small and medium-sized businesses that have grown beyond a standard dedicated server but can't easily afford traditional managed solutions. The program allows customers to customize a plan from a menu of hardware, software, bandwidth, backup and professional services. The program is billed on a month-by-month basis, with no money down and fees ranging from $249 to $1,999 per month.

The approach has proven popular with customers of other hosting providers, who account for the majority of The Planet's growth since the program's debut in March. An analysis of The Planet's competitive performance using our Hosting Provider Switching Analysis shows that of the 448K hostnames added in that period, more than 242K have come from rival hosting providers.

Growth Trends for The Planet

Continue reading