- Joined
- Oct 12, 2003
- Messages
- 870
- Reaction score
- 181
I visted webcart(.)com today and was greated with an automated installation of a back-door. I checked the whois and the domain appears to be parked at NetSol using NS1.LAMEDELEGATION.NET.
McAffee stoped the script from executing but I had to manully stop the installation of a fake Java run-time package.
This means Network Solutions and probably many more sites have been hacked. Becarful and make sure you have a good ant-virus installed.
More info @ http://www.scmagazineuk.com/new-zer...indows-xp-and-2003-discovered/article/172078/
As a workaround for the vulnerability, it is possible to de-register the HCP protocol on the target machine from the start menu, select run, then type âregedit' then click OK (the registry editor program launches). Then expand âHKEY_CLASSES_ROOT' and highlight the HCP key - right mouse click on the HCP key, and select delete.
McAffee stoped the script from executing but I had to manully stop the installation of a fake Java run-time package.
This means Network Solutions and probably many more sites have been hacked. Becarful and make sure you have a good ant-virus installed.
More info @ http://www.scmagazineuk.com/new-zer...indows-xp-and-2003-discovered/article/172078/
As a workaround for the vulnerability, it is possible to de-register the HCP protocol on the target machine from the start menu, select run, then type âregedit' then click OK (the registry editor program launches). Then expand âHKEY_CLASSES_ROOT' and highlight the HCP key - right mouse click on the HCP key, and select delete.
Last edited:
