Local websites hit
8th June 2006 (The Star)

PETALING JAYA: The Malaysian Computer Emergency Response Team (MyCERT) has detected 300 website defacements up till the end of May this year.

MyCERT said it observed a mass defacement of .my domain websites in early May affecting mostly those on the FreeBSD and Linux platforms.

However, Kol Husin Jazri, director of the National ICT Security and Emergency Response Team (Niser), said in an e-mail interview that the attacks weren't platform-specific but were targeted at virtual webhosts.

MyCERT is a unit of Niser and is responsible for tracking and logging security incidents, as well as analysing major security incidents and trends.

Virtual hosts are multiple websites hosted on a single machine.

"A few of these virtual hosts were targeted, resulting in between 20 and 100 websites being defaced at any one time," Husin said.

Husin said the recent attacks indicate that attackers have done their due diligence before executing their strategies. "Intelligence and reconnaissance activities are involved before launching the attacks," he said.

MyCERT's analysis of the recent attacks showed that they were carried out via a PHP scripting vulnerability. (PHP is a web scripting language.)

Husin said this involves modifying computer program scripts to ensure validation of input.

"These vulnerabilities are exploited to allow entry to access certain restricted locations within the host," Husin said. He added that in some cases, these vulnerability exploits even open up arbitrary Net connections and turn some PHP scripts into proxies and open mail relays.

MyCERT has already provided an alert on the recent attacks and encourages victims to submit the audit trails to MyCERT through the MyCERT website for further analysis.