Subj : Hacked websites are being put at even greater risk by malicious w
To   : All
From : TechnologyDaily
Date : Tue Jan 23 2024 18:30:04

Hacked websites are being put at even greater risk by malicious web redirect 
scripts

Date:
Tue, 23 Jan 2024 18:14:54 +0000

Description:
Parrot TDS is finding new ways to keep its code hidden from website owners, 
researchers have recently warned.

FULL STORY
======================================================================

Parrot traffic direction system (TDS), a malicious script that redirects 
website visitors to dangerous destinations, was observed evolving and 
becoming harder to detect. 

Cybersecurity researchers Unit 42, from Palo Alto Networks, recently analyzed 
10,000 Parrot landing page scripts, gathered between August 2019 and October 
2023. 

They concluded the majority of the scripts (75%) were new, representing the 
fourth iteration of the code. Another 18% were of the previous version, while 
the remaining 7% were running older scripts. Different payloads for different 
victims 

Compared to the older versions, the fourth iteration comes with a number of 
enhancements, including improved obfuscation with complex code structure and 
encoding mechanisms. Furthermore, the fourth version has different array 
indexing and handling that disrupts pattern recognition and signature-based 
detection, and comes with a variation in the handling of strings and numbers. 

As for its efficiency and productivity, Parrot TDS remains as useful as ever. 
It profiles the victims environment and, depending on the conditions found, 
drops different payloads. Unit 42 found a total of nine different payloads 
who, among themselves, dont differ that greatly. There are minor obfuscation 
changes and target OS checks. 

In most cases (70%), Parrot will drop the second version of the payload with 
doesnt come with any obfuscation. 

To remain secure, website owners should search their servers for suspicious 
php files. They should also scan the ndsj, ndsw, and ndsx keywords, and use 
firewalls to block webshell traffic. Finally, they should deploy URL 
filtering tools to block traffic coming from known malicious URLs and IP 
addresses. 

Parrot TDS was first discovered in April 2022, by cybersecurity researchers 
from Avast. It was then said that the script was probably active since 2019, 
managing to infect more than 16,500 websites. 

Via BleepingComputer More from TechRadar Pro Parrot TDS poses immediate risk 
to web developers worldwide Here's a list of the best firewalls around today 
These are the best endpoint security tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/hacked-websites-are-being-put-at-even-g
reater-risk-by-malicious-web-redirect-scripts


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.