Blue Coat blocks Shnakule attack

Attack targeted MySQL.com; malicious JavaScript was placed on the website

Blue Coat Systems' WebPulse cyber-security software blocked an attack by Shnakule, one of the world's largest malware networks.
By Georgina Enzer. Published September 30, 2011

Web security and WAN optimisation provider Blue Coat Systems has announced that its WebPulse collaborative defence protected its 75 million users from the latest attack launched by Shnakule, one of the largest malware networks on the internet.

According to Blue Coat, its Security Labs have been tracking the Shnakule infrastructure and were therefore able to identify the new threat as it happened and block future attacks.

The attack was first reported by Armorize Technologies. MySQL.com was hacked and had malicious JavaScript on the page that created an invisible iframe.

The iframe then enabled a drive-by download attack that was hosted on servers external to the MySQL.com site. 

The attack utilized new exploit and payload servers as well as those that were already known, and the attack host was one of many malicious sites on a server that WebPulse had categorised and blocked as a malware host.

During the five days this server was in use, Blue Coat Security Labs identified 81 different malware sites on this server.

"As noteworthy as this attack was, it is simply another traffic driver for a well-established malnet, providing further evidence that cyber criminals do not suddenly appear out of the woodwork to launch high profile attacks," said Nigel Hawthorn, VP EMEA marketing at Blue Coat Systems. "The Shnakule infrastructure runs 24/7 and launches new attacks in an effort to infect new victims. WebPulse tracks malnet infrastructures to protect its users independently of the traffic-driving method du jour."

According to Blue Coat, approximately 400,000 people visit MySQL.com per day, which provides cybercriminals with a potentially lucrative, high-profile target. 

Some of the pages targeted by the iframe injection were pages documenting database administration. This meant that a successfully executed attack could have delivered malware designed to locate additional database credentials and locations on the victim's system.

According to Blue Coat, the Shnakule network averages around 2,000 unique host names per day, with as many as 5,708 in a single day. On an average day, the WebPulse service logs more than 21,000 requests into that malnet.
