. Updated Daily. Editions SDA India   SDA Indonesia
BUSINESS ENTERPRISE SOLUTIONS ARCHITECTURE INFORMATION SECURITY WIRELESS & MOBILITY DATA & STORAGE DEVELOPMENT HARDWARE













News

Wednesday, 17 September 2008

BusinessWeek Latest Victim of Growing Internet Security Woes
 

 

BusinessWeek, the world famous weekly magazine, has been attacked by hackers in an attempt to infect its readership with malware.

According to experts at IT security and control firm Sophos, hundreds of webpages in a section of BusinessWeek's website which offers information about where MBA students might find future employers have been affected.

The hackers in question apparently used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site's underlying database - to pepper pages with code that tries to download malware from a Russian web server.

"It's worrying when any site suffers from a malicious SQL injection attack, but when it's also one of the 1,000 busiest websites on the internet the stakes are even higher," said Graham Cluley, senior technology consultant at Sophos.

"The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected."

At the time of writing, the code injected into BusinessWeek's website points to a Russian website that is currently down and not delivering further malicious code. However, it could be revived at any time, warn Sophos, infecting hundreds of MBA students looking for high-earning jobs.

Sophos said it informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts were still present and active on their site.

"BusinessWeek and many other firms hit by SQL injection attacks need to move fast to not only remove the malicious scripts, but also to ensure that they do not get infected again. Companies whose websites have been struck by such an attack often clean up their database, only to be infected again a few hours later," continued Cluley.

"Everyone who browses the web needs to ensure that the pages they visit are being scanned for dangerous code, as more and more sites are being discovered each day hosting malware."

Earlier this year Sophos reported that it identifies more than 16,000 new infected webpages every single day, 90 per cent of which are on legitimate sites like BusinessWeek that have been hacked.

Sophos says it discovers a new malicious webpage every five seconds - three times faster than the rate seen during 2007.
 
 
print save email comment

print

save

email

comment
 
 

Search SDA Asia

Free eNewsletter
SDA Asia Magazine Free Download
 
 
 
Copyright @ 2009 SDA Asia Magazine - All Right Reserved Privacy Policy | Terms of Use