jQuery.com compromised to serve malware

Talk about internet security, computer security, personal security, your social security number...
Post Reply
User avatar
therube
Ambassador
Posts: 7598
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

jQuery.com compromised to serve malware

Post by therube » Fri Sep 26, 2014 4:58 pm

jQuery.com compromised to serve malware via drive-by download

http://blog.jquery.com/

http://jquery.com/

"We took the site down as soon as we realized there was a compromise and cleaned the infected files."

Now just what does all this mean?

Is this one of those "you're not supposed to do that sites", where everyone links to its code, & often you may need to Allow it in order for particular functions used on a particular page to work?

And if they "took the site down", then what? Those sites that rely on it, break? Or do the sites just use the "compiled" code & are only loading it locally?

Site was hit, but not the library


Do you "trust" jquery, or similar.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 SeaMonkey/2.29.1

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: jQuery.com compromised to serve malware

Post by Thrawn » Tue Sep 30, 2014 4:03 am

Is anyone successfully running JQuery via a file: surrogate?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0

barbaz
Senior Member
Posts: 9501
Joined: Sat Aug 03, 2013 5:45 pm

Re: jQuery.com compromised to serve malware

Post by barbaz » Fri Oct 10, 2014 7:29 pm

To note, I posted the following when a user asked about replacing googleapis jQuery and seemed concerned about the compromise of the official site:
You could download jquery from some other mirror site, such as ajax.aspnetcdn.com (Microsoft) (click the link I posted, don't try to go directly to the domain because that will just give you a not found page)
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (compatible; rv:17.1) Gecko/20603306 Firefox/17.1

IanR
Posts: 2
Joined: Thu Oct 09, 2014 8:58 pm

Re: jQuery.com compromised to serve malware

Post by IanR » Fri Oct 10, 2014 11:07 pm

These site attacks are becoming all too commonplace, and the usual vector is SQL code injection. Seems it's uncertain if this was the case here, but extremely likely as they were using a database-backed CMS.

Basically, the need is for an SQL replacement which understands the concept of variables, and thus does not have to accept its input as mixed data and instructions on the same line. Until that is implemented, the code injection exploits will continue.
Mozilla/5.0 (X11; Debian; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/31.0

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: jQuery.com compromised to serve malware

Post by Thrawn » Sun Oct 12, 2014 10:33 pm

IanR wrote:Basically, the need is for an SQL replacement which understands the concept of variables, and thus does not have to accept its input as mixed data and instructions on the same line. Until that is implemented, the code injection exploits will continue.

Yeah. After that's done, we just need a similar intelligent replacement for HTML, and the web is all fixed :)
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0

Post Reply