Website Code Injection and How it Affects your Reputation

Cyber crime syndicates are always looking for ways to increase the opportunity to infect more machines with their malware. One way is to increase the lifetime of injections on websites. Usually the life span of injected code on a vulnerable website, depends on how fast the website administrator notices malicious content added to their web pages.

Image 1: The red arrow below shows the difference between the life span of typical malicious injected code and code injected by a rogue Apache module

One tactic used to increase the life span of injected code is to install rogue modules on compromised web servers. These modules hide themselves and the presence of injected code from website administrators. 

We are seeing an increase in the number and sale of web server rootkit tools which are used to inject and hide malicious code on compromised web servers. Web server administrators are mentioning on forums and blog articles of mysterious iframes with malicious payloads, magically appearing on different websites and constantly changing the injected URL.

According to underground forums this type of web server rootkit called “DarkLeach” is an Apache 2 module selling for $1,000. Features of this module include: iFrame injection of php/html/js files, allowing access to module from specific IP addresses, periodic updates of injected URLs.

Apart from injecting iFrames, this module ensures a long life span with it’s stealth mode features, including logging the IP addresses of server administrators, going quiet when the admin logs into the server or when someone connects to the server with the logged IPs, disabling the module when a system scanner such as rkhunter or tcpdump are used.

The author of the module goes on to show the statistics of how successful this module is when used with exploit kits:

Image 2: Stats from exploit kits showing successful exploits with the help of the Web server Apache rogue module

As you can see this type of attack is widely used and can have a detrimental effect on a companies’ reputation. For instance TradingForex.com was recently affected by a similar attack. FOREX trading website was injected with a malicious Java applet, which could install malware on the affected systems of the site's users. FOREX is the foreign exchange market where international currencies are traded, and nowadays, it's used by millions of people around the world. TradingForex.com provides tools for forex trading online, which users trusted was secure. However after this recent attack, users will think twice about using their services due to the lack of security and the possibility of their system’s being compromised.

Ishlangu gives web server administrators piece of mind, by surrounding their websites and web applications with a fortified security perimeter. This provides robust defenses against exploits aimed at vulnerable application frameworks such as Joomla and WordPress which cyber criminals use to compromise web servers and install malicious modules such as DarkLeach. 

Ishlangu’s Application Firewall establishes a secure session identifier, proactively secures cookies, URLs, Form Fields and thoroughly inspects all data sent and received by the application; ensuring malicious users do not exploit the stateless nature of HTTP transactions.

Protect your websites, your users and most importantly your reputation from attack. Download a free trial of Ishlangu and see for yourself.

Ishlangu - Ultimate Control with uControl Script

Check out the new video on our youtube site.  Dayne presents one of the many usages of Ishlangu's powerful uControl Script.  This is just the first in a series of videos that will demonstrate what you can do with Ishlangu.

Introducing Ishlangu

In today’s instant online social media, a company’s reputation is measured by how secure and accessible their application data is.

Fundamental to this accessibility and security is ADC or Application Delivery Controller, a technology that is complex and expensive. Shaka Technologies’ “Ishlangu” - Application Delivery Controller technology, provides next-generation security and application control at an affordable price.

The Ishlangu product, available for bare metal servers or as a virtual appliance, removes the complexity of managing your application data security and delivery with it’s intuitive administration console. Ishlangu’s application-aware firewall, understands applications and their vulnerabilities. It’s hybrid security model thwarts application based attacks such as SQL injection, Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF).

Ishlangu’s uControl Script™, a powerful traffic inspection engine, allows clients to create and implement bespoke application traffic rules. uControl Script™ empowers clients with greater control and intelligence of their application delivery, especially crucial for online applications and ecommerce sites.

Increased demand for available applications and an influx of online capable devices puts a huge strain on organizational services. Ishlangu’s multi-node clustering provides enterprises the ability to scale out capacity to enormous levels. Unlike other ADC high-availability deployments, Ishlangu not only ensures your application's availability, it provides the means to seamlessly scale up your application's capacity as traffic throughput demands it.

All these powerful features combine with Layer 7 load balancing, SSL offloading, application acceleration, content caching, compression, traffic analysis and logging to form a dynamic and secure ADC solution. Unlike most ADC solutions, Ishlangu offers all these features as well as dedicated 24/7 support under one license package. There are no hidden package costs or option packages, what you see is what you get; a complete and secure application delivery controller.

Secure data access is paramount in today’s global economy. To find out more or to download a free evaluation copy of Ishlangu please visit our website at www.shakatechnologies.com