Source Pravda.Ru

Malicious Javascript toolkit rages in Internet

A common JavaScript-related security problem reminded of itself.

It’s cross-site scripting, or XSS, a violation of the same origin policy. XSS vulnerabilities occur when an attacker is able to cause a trusted Web site, such as an online banking website, to include a malicious script in the webpage presented to a victim. In that example, the script can then access the banking application with the privileges of the victim, potentially disclosing secret information or transferring money without the victim's authorization.

The vivid example is about 10,000 trusted websites infected last month by javascript toolkit, aimed at sending victims' personal information to attackers via the web.

Finjan, a privately owned web security company, reported that the new toolkit is a very smart program and can easily avoid detection, adapt to new conditions and make an adjustment when patch released.

The user embeds malicious script into the websites himself. The script does not appear on the site after end-user’s first appearance. That’s why it’s almost impossible to track it down.

Though discovered the script is still active and harmful.

Photo: www.microsoft.com

Comments
The horror story called Brazil: Murder and destruction
Russia close to recognising Donetsk and Luhansk republics after Donbass elections
Five years after Maidan revolution, Ukraine remains one of Europe's most corrupt states
Why Trump tries to re-industrialize America
USA plays to pretend a mighty dragon that can no longer breathe fire
US interferes in election of Interpol president, Kremlin believes
US interferes in election of Interpol president, Kremlin believes
Five years after Maidan revolution, Ukraine remains one of Europe's most corrupt states
Brexit: The UK's misunderstanding of Democracy
Kuril Islands dispute between Russia and Japan: The impossible is impossible
Argentina hides the truth about the death of San Juan submarine
Japan ratifies agreement to supply weapons and ammo to warring states
Russia to ban capture of killer whales and belugas in 2019
Russia to raise sunken floating dock
Why Trump tries to re-industrialize America
Kuril Islands dispute between Russia and Japan: The impossible is impossible
Putin dislikes the idea of US army bases coming to Kuril Islands
Argentina hides the truth about the death of San Juan submarine
USA plays to pretend a mighty dragon that can no longer breathe fire
Russians lose faith in their future, get ready for worse
Russians lose faith in their future, get ready for worse