from the I-know-what-kind-of-wish-*I*-would-make dept.
Make-A-Wish Website Crammed with Coin-Mining Malware:
Researchers with Trustwave say the (now clean) WorldWish.org site was compromised via a Drupal exploit and seeded with malicious JavaScript that enlisted the CPU cycles of visitor's machines to covertly generate cryptocurrency.
It seems that the site was using an older version of the Drupal CMS that was vulnerable to CVE-2018-7600, the remote code execution bug known for marketing purposes as "Drupalgeddon 2." The successful exploit of the vulnerability gives an attacker the current user's access level and, in the case of web servers, this means the ability to access and modify pages.
In the context of a crypto-jacking attack, the compromised page has a short script embedded into it that calls another server to get the actual cryptocoin mining script. That server can also be obfuscated by changing its address or bouncing the connection off other servers. When a user visits the infected page, the mining script is called and the user's machine is used to generate cryptocurrency for the attacker.
Having been widely reported since May, the Drupal bug is now easy to scan for and target for attack, thanks to readily available exploit scripts. This means anyone from novice cybercriminals to large, organized groups could be behind the attack.
[...] "For all we know this is one poor administrator trying to handle an international website with a lot of users," Sigler explained.
"We have seen time and time again where security gets overlooked."
Protecting against the attack is easy enough: Make sure Drupal (and all other web server apps) are updated and fully patched. Admins should also keep a close eye on any changes or unusual activity on their pages that could signal an attack.
What kind of person would compromise a site that grants wishes to dying youngsters?
(Score: 1, Touché) by Anonymous Coward on Monday November 19 2018, @04:43PM (5 children)
maybe the person was trying to be helpful. :) like "hey, jackass! update your shit!"
(Score: 5, Funny) by ikanreed on Monday November 19 2018, @04:53PM
You know, my neighbors weren't happy about when I made a similar "lock your upper story windows" argument.
(Score: -1, Troll) by Anonymous Coward on Monday November 19 2018, @07:01PM (1 child)
The kind of scum that next week has the $$ to sneak over and be at your airport / point of entry as either a 'visitor worker' or 'refugee'. And then accidentally bombs your kids in your home town.
(Score: 0) by Anonymous Coward on Monday November 19 2018, @07:44PM
Let me guess, the kids being bombed happen in a third world country, and not in the West. And it was some western terrorist sitting in an office pressing a button to bomb a school full of children ... in a third world country thousands of miles away.
(Score: 2) by isostatic on Monday November 19 2018, @07:28PM (1 child)
And in the meantime here's a crypto currency donation to you
(Score: 0) by Anonymous Coward on Monday November 19 2018, @09:38PM
[ attachment missing! ]
(Score: 4, Insightful) by Subsentient on Monday November 19 2018, @05:15PM (1 child)
I hate humanity so fucking much. Nothing's sacred. A charity for dying children taken over with cryptomining malware. Absolutely disgusting.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 3, Funny) by FatPhil on Monday November 19 2018, @05:26PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 5, Insightful) by ilsa on Monday November 19 2018, @05:37PM
It's highly unlikely that they were targeted by a specific person.
Most likely, there is some server somewhere configured to blindly hit public IPs, look for specific vulnerabilities, and then exploit them when found.
Anyone who actively monitors firewalls are used to seeing random incoming traffic that tries to hit services that don't actually exist on the IPs being hit. Whatever the IP is actually doing, or who it belongs to, is irrelevant.
Welcome to the 2018 internet.
(Score: 5, Funny) by Runaway1956 on Monday November 19 2018, @05:44PM (1 child)
Someone was wishing they had truckloads of money. So, they set up a money making scheme on the make-a-wish site. How is this a problem?
(Score: 2) by takyon on Monday November 19 2018, @06:27PM
actual_chuckle.ogg
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by sonamchauhan on Tuesday November 20 2018, @12:39AM
"Yippeee, 5 Bitcoin. Oh wait, false alarm"
"Yippee, 0.0034 Bitcoin. Oh wait ...."