Beware the Nine Ball

A nice little gem this Nine Ball is. According to Websense there have been over 40k web sites hit by a mass-compromise attacked called, none other than, Nine Ball. This compromise hits web servers that will redirect it's victims to a site that will then attempt to download trojans, viri, keyloggers oh my. 

The kicker with this new threat is the server hosting the malware (www.nine2rack.in) will scan the victim for vulnerabilities in their web browser, Adobe or Quicktime software. It finds a whole it will download a trojan along with a keylogger that most anti-virus software won't find. These trojan's are especially nasty because they are hard to detect because they are created and compiled on the fly. 

Now on the server side, people who have been lax on security, and their secure coding practices will allow their server to be compromised. Nine Ball will use SQL-Injection attacks and brute force  intrusion with stolen user names and passwords of the administrators of the website. 

So while your out surfing the intertubes be careful what your surfing.