Watch Out For the <b1> Hack Tag...

Jack Duncan · 11-03-2009, 01:53 PM

There is a new Hack on the loose...

You'll want to "View Source" on your sites to look for a suspicious <b1> tag with odd characters between it...

Something like this:

<b1></b1>

Rackspace is currently doing an investigation on this...because it has infected some of their client's sites.

Here was one of their descriptions for this tag:

The data between the tag is random characters followed by the path to the current file both base64 encoded and compressed. This is quite harmless, but my expectations is that the current tag is a proof of concept that will be eventually sold on the black market to profit from pay-per-click links that can be embedded.

So essentially, a bot is going around looking for files that are not "locked down" and then writing code on the site for the purpose of selling the concept to someone who would use it to serve advertisements on your site...

Hope this helps,
Jack Duncan

mmurtha · 11-03-2009, 02:05 PM

Hey Jack,

Thanks for posting this info.

Personally, hackers are coming to an all time low these days.

JamesRad · 11-03-2009, 02:06 PM

Quote:

Originally Posted by Razer Rage

Interesting. But this is only one of many. There are new hacks coming out every day. It's almost impossible to keep up with it all.

That's why common sense is your best defense.

I totally agree they will always be one step ahead of us, I always run periodic backups of my sites to ensure I have all the data to simple do a full site reinstall if ever needed.

James

11-03-2009, 01:53 PM	#1
Jack Duncan Senior Warrior Member War Room Member Join Date: Jul 2008 Location: , , USA. Posts: 1,751 Thanks: 29 Thanked 1,965 Times in 229 Posts	Watch Out For the <b1> Hack Tag... There is a new Hack on the loose... You'll want to "View Source" on your sites to look for a suspicious <b1> tag with odd characters between it... Something like this: <b1><!--m8ghGhjjak78ksOgCAMBcATQSH+ziP6FBNrCdbUeHrduJvFEB9 KOtYVGhpquiG2PZmZ5+3BztAss5+EyZBokkPxfSvup2YwTkr7B ZfkdiHSIqKovuTyAgHeIWs=--></b1> Rackspace is currently doing an investigation on this...because it has infected some of their client's sites. Here was one of their descriptions for this tag: The data between the tag is random characters followed by the path to the current file both base64 encoded and compressed. This is quite harmless, but my expectations is that the current tag is a proof of concept that will be eventually sold on the black market to profit from pay-per-click links that can be embedded. So essentially, a bot is going around looking for files that are not "locked down" and then writing code on the site for the purpose of selling the concept to someone who would use it to serve advertisements on your site... Hope this helps, Jack Duncan
	Is This The Perfect Keyword Research System? 6 .pdf reports, Step-by-Step visual details, Instant Download Now >> Click Here

11-03-2009, 02:05 PM	#2
mmurtha Senior Warrior Member War Room Member Join Date: Dec 2005 Location: Hubbard, Ohio, USA. Posts: 4,387 Thanks: 333 Thanked 113 Times in 89 Posts Social Networking Contact Info	Re: Watch Out For the <b1> Hack Tag... Hey Jack, Thanks for posting this info. Personally, hackers are coming to an all time low these days.