Experts at IT security and control firm Sophos have discovered
that the website of BusinessWeek, the world famous weekly magazine,
has been attacked by hackers in an attempt to infect its readership
with malware.
Hundreds of webpages in a section of BusinessWeek's website
which offers information about where MBA students might find future
employers have been affected. According to Sophos, hackers used an
SQL injection attack - where a vulnerability is exploited in order
to insert malicious code into the site's underlying database - to
pepper pages with code that tries to download malware from a
Russian web server.
"It's worrying when any site suffers from a malicious SQL
injection attack, but when it's also one of the 1000 busiest
websites on the internet the stakes are even higher," said Graham Cluley, senior
technology consultant at Sophos on his
blog. "The potentially large number of people visiting the
site and accessing information to assist their careers may be
putting their finances or personal data in jeopardy if they are not
properly protected."
Earlier this year Sophos reported that it identifies more than
16,000 new infected webpages every single day, 90 percent of which
are on legitimate sites like BusinessWeek that have been hacked.
Sophos discovers a new malicious webpage every five seconds - three
times faster than the rate seen during 2007.
At the time of writing, the code injected into BusinessWeek's
website points to a Russian website that is currently down and not
delivering further malicious code. However, it could be revived at
any time, infecting hundreds of MBA students looking for
high-earning jobs. Sophos informed BusinessWeek of the infection
last week, although at the time of writing the hackers' scripts are
still present and active on their site.
"BusinessWeek, and the many other firms hit by SQL injection
attacks, need to move fast to not only remove the malicious
scripts, but also to ensure that they do not get infected again.
Companies whose websites have been struck by such an attack often
clean-up their database, only to be infected again a few hours
later," continued Cluley. "Everyone who browses the web needs to
ensure that the pages they visit are being scanned for dangerous
code, as more and more sites are being discovered each day hosting
malware."
Cluley has published a
video demonstrating the problem on BusinessWeek's website, and
providing tips on how companies can better defend themselves from
similar attacks.
Sophos recommends that all businesses ensure their websites are
fully defending against attacks and all vulnerabilities are
patched.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.