July 06, 2009

Components of Random JavaScript Toolkit Identified


Houston, TX (PRWEB) January 26, 2008 -- cPanel announced today that its security team has identified several key components of a hack known as the Random JavaScript Toolkit. The systems affected by this hack appear to be Linux®-based and are running a number of different hosting platforms. While this compromise is not believed to be specific to systems running cPanel® software, cPanel has worked with a number of hosting providers and server owners to investigate this compromise.

The cPanel Security Team has recognized that the vast majority of affected systems are initially accessed using SSH with no indications of brute force or exploitation of the underlying service. Despite non-trivial passwords, intermediary users and nonstandard ports, the attacker is able to gain access to the affected servers with no password failures. The cPanel security team also recognized that a majority of the affected servers come from a single undisclosed data-center. All affected systems have password-based authentication enabled. Based upon these findings, the cPanel security team believes that the attacker has gained access to a database of root login credentials for a large group of Linux servers.

Once an attacker manually gains access to a system they can then perform various tasks. The hacker can download, compile, and execute a log cleaning script in order to hide their tracks. They also can download a customized root-kit based off of Boxer version 0.99 beta 3. Finally, the attacker searches for files containing credit card related phrases such as cvc, cvv, and authorize.

The actual root-kit has been the subject of much speculation. The cPanel security team asserts that the Boxer variant includes a small web-server, which is how the JavaScript is distributed to unsuspecting users of any website on the server. It is believed that the JavaScript include is injected into the HTML code after Apache® has served the file but before it has traveled through the TCP transport back to the user of the website. The web-server is not written to the hard drive; it is loaded directly into memory from the infected Boxer binaries. More information about the infected binaries can be found at: http://www.cpanel.net/security/notes/random_js_toolkit.html.
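Because the include is added after Apache has read the file, the copy on disk stays clean and only the response on the wire carries the extra script. The following check is an added example, not part of the cPanel release or its tooling: it compares the script tags in a static HTML file with those in the body a client received for the same URL. The function names, sample markup and script path are constructed for illustration, and it assumes a static page that no legitimate filter rewrites.

```python
from html.parser import HTMLParser

class _ScriptCollector(HTMLParser):
    """Collects src values of external scripts and bodies of inline ones."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.external, self.inline = set(), set()
        self._in_inline, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src.strip())
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            body = "".join(self._buf).strip()
            if body:
                self.inline.add(body)
            self._in_inline = False

def scripts_in(html):
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.external, parser.inline

def added_in_transit(disk_html, served_html):
    """Return (external srcs, inline bodies) present on the wire but not on disk."""
    disk_ext, disk_inline = scripts_in(disk_html)
    wire_ext, wire_inline = scripts_in(served_html)
    return sorted(wire_ext - disk_ext), sorted(wire_inline - disk_inline)

# Constructed sample: the file as stored, and the body a browser received.
DISK = '<html><head><script src="/js/site.js"></script></head><body><p>Hello</p></body></html>'
SERVED = DISK.replace("</body>", '<script src="/constructed-example.js"></script></body>')

if __name__ == "__main__":
    print(added_in_transit(DISK, SERVED))
```

Any non-empty result on a static page means something between the file system and the client is modifying responses and warrants the binary checks described in the cPanel security note.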

The JavaScript being loaded by this web-server is directing users to another server that scans the website user for a number of known vulnerabilities. These vulnerabilities are then used to add the website user to a botnet. More information about the JavaScript hacks can be found at: http://www.finjan.com/Pressrelease.aspx?id=1820&PressLan=1819&lan=3.

Cleaning the Random JavaScript Toolkit requires the server to be booted into single user mode and the removal of all infected binaries. More details on how to do this can be found at: http://www.cpanel.net/security/notes/random_js_toolkit.html. Because the cPanel security team believes that the hacker has access to the database of login credentials, the only way to prevent being hacked again is changing the password and not releasing it to anyone. The preferred method, however, is to move to SSH keys and remove password authentication altogether.

About cPanel

cPanel was formed in 1997 and has since become a leading Web Hosting Control Panel Software provider supplying hosting automation tools to numerous data centers and customers around the world. cPanel offers web hosting software that automates the intricate workings of web hosting servers. cPanel products are used on tens of thousands of servers worldwide to equip server administrators with the tools they need to provide top notch hosting to their customers.

Other Press

This compromise has been in the media lately and discussions can be found at the following locations:

http://www.pcworld.com/article/id,141358-c,techindustrytrends/article.html

http://it.slashdot.org/it/08/01/25/148244.shtml

Trademarks

Linux is a trademark of Linus Torvalds. Apache is a trademark of the Apache Software Foundation. cPanel is a trademark of cPanel, Inc.

###

See the original story at: http://www.prweb.com/releases/2008/01/prweb656233.htm
Eric Gregory
cPanel
570-443-7700

© Copyright 1997-2007, Vocus PRW Holdings, LLC.
Vocus, PRWeb and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.
