PandaLabs Exploit Marketing Copy to Distribute Propoganda

greggles — Fri, 05 Jun 2009 15:34:12 +0000

Over on the pandalabs blog is a post titled:

Cyber Criminals Exploit Drupal CMS to Distribute Malware

Digging into the story a bit they write:

If you are using dynamic web applications, such as Content Management Software, E-Commerce or blogging software, then it's especially important to make sure that those applications are always up-to-date with the latest security patches....Today, I came across a State University website which was running a vulnerable version of the popular Drupal CMS software. The site was exploited by cyber criminals and over 3600 links were injected and indexed by Google in less than 10 hours of exploitation.

So, the real message of the post is about updating your software. This is a point that I make painfully clear in chapter 3 of Cracking Drupal.

Software Release Dates Relative to Major Attacks

The below table compares the date of the patch release for several major internet worms compared to the date of the attack.

As you can see, using up to date software would have saved the world from some of the most costly worms of the last decade!

If you run out of date software on a network connected computer you are basically asking to be hacked. Update regularly and you will avoid most attacks.

Attachment	Size
cracking_drupal_table_3_1.png	29.84 KB

Cracking Drupal - marketing ftw

PandaLabs Exploit Marketing Copy to Distribute Propoganda

Software Release Dates Relative to Major Attacks