Source Pravda.Ru

Malicious Javascript toolkit rages in Internet

A common JavaScript-related security problem reminded of itself.

It’s cross-site scripting, or XSS, a violation of the same origin policy. XSS vulnerabilities occur when an attacker is able to cause a trusted Web site, such as an online banking website, to include a malicious script in the webpage presented to a victim. In that example, the script can then access the banking application with the privileges of the victim, potentially disclosing secret information or transferring money without the victim's authorization.

The vivid example is about 10,000 trusted websites infected last month by javascript toolkit, aimed at sending victims' personal information to attackers via the web.

Finjan, a privately owned web security company, reported that the new toolkit is a very smart program and can easily avoid detection, adapt to new conditions and make an adjustment when patch released.

The user embeds malicious script into the websites himself. The script does not appear on the site after end-user’s first appearance. That’s why it’s almost impossible to track it down.

Though discovered the script is still active and harmful.

Photo: www.microsoft.com

Comments
Russian woman killed when hanging out naked of moving car in Dominican Republic
Pilot shares his impressions after flying Su-57 fifth-generation fighter
Russian government prepares to get rid of US dollar in economy
Putin in Austria: Europe doesn't like Russia very much, but it is fed up with USA too
US-Russian confrontation: War is peace, freedom is slavery
Details of Putin-Merkel surprise meeting unveiled
Russia's long-range Bastion system follows USS Carney in Black Sea waters
The insane idea in Germany: "pedophilia normal love"
US sanctions to kill Russian banks and sovereign debt?
Will Smith tells of his trip to Russia in a video
Why Russia continues investing in US public debt
USA and Turkey: The elephant kicks the barking pug aside
In Ukraine, human organs don't stink
US-Russian confrontation: War is peace, freedom is slavery
US-Russian confrontation: War is peace, freedom is slavery
US-Russian confrontation: War is peace, freedom is slavery
Castro sued over alleged torture
Castro sued over alleged torture
Castro sued over alleged torture
Aretha Franklin: A colossus, a woman, a lady, a light and a soul
Ukraine dreams of what it can do to Crimea after winning war with Russia