jQuery.com compromised to serve malware via drive-by download
http://blog.jquery.com/
http://jquery.com/
"We took the site down as soon as we realized there was a compromise and cleaned the infected files."
Now just what does all this mean?
Is this one of those "you're not supposed to do that sites", where everyone links to its code, & often you may need to Allow it in order for particular functions used on a particular page to work?
And if they "took the site down", then what? Those sites that rely on it, break? Or do the sites just use the "compiled" code & are only loading it locally?
Site was hit, but not the library
Do you "trust" jquery, or similar.
jQuery.com compromised to serve malware
jQuery.com compromised to serve malware
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 SeaMonkey/2.29.1
Re: jQuery.com compromised to serve malware
Is anyone successfully running JQuery via a file: surrogate?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Re: jQuery.com compromised to serve malware
To note, I posted the following when a user asked about replacing googleapis jQuery and seemed concerned about the compromise of the official site:
You could download jquery from some other mirror site, such as ajax.aspnetcdn.com (Microsoft) (click the link I posted, don't try to go directly to the domain because that will just give you a not found page)
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (compatible; rv:17.1) Gecko/20603306 Firefox/17.1
Re: jQuery.com compromised to serve malware
These site attacks are becoming all too commonplace, and the usual vector is SQL code injection. Seems it's uncertain if this was the case here, but extremely likely as they were using a database-backed CMS.
Basically, the need is for an SQL replacement which understands the concept of variables, and thus does not have to accept its input as mixed data and instructions on the same line. Until that is implemented, the code injection exploits will continue.
Basically, the need is for an SQL replacement which understands the concept of variables, and thus does not have to accept its input as mixed data and instructions on the same line. Until that is implemented, the code injection exploits will continue.
Mozilla/5.0 (X11; Debian; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/31.0
Re: jQuery.com compromised to serve malware
Yeah. After that's done, we just need a similar intelligent replacement for HTML, and the web is all fixedIanR wrote: Basically, the need is for an SQL replacement which understands the concept of variables, and thus does not have to accept its input as mixed data and instructions on the same line. Until that is implemented, the code injection exploits will continue.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0