BusinessWeek website infected by hackers

September 15, 2008 Sophos Press Release

Experts at IT security and control firm Sophos have discovered that the website of BusinessWeek, the world famous weekly magazine, has been attacked by hackers in an attempt to infect its readership with malware.

Hundreds of webpages in a section of BusinessWeek's website which offers information about where MBA students might find future employers have been affected. According to Sophos, hackers used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site's underlying database - to pepper pages with code that tries to download malware from a Russian web server.

"It's worrying when any site suffers from a malicious SQL injection attack, but when it's also one of the 1000 busiest websites on the internet the stakes are even higher," said Graham Cluley, senior technology consultant at Sophos on his blog. "The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected."

Earlier this year Sophos reported that it identifies more than 16,000 new infected webpages every single day, 90 percent of which are on legitimate sites like BusinessWeek that have been hacked. Sophos discovers a new malicious webpage every five seconds - three times faster than the rate seen during 2007.

At the time of writing, the code injected into BusinessWeek's website points to a Russian website that is currently down and not delivering further malicious code. However, it could be revived at any time, infecting hundreds of MBA students looking for high-earning jobs. Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site.

"BusinessWeek, and the many other firms hit by SQL injection attacks, need to move fast to not only remove the malicious scripts, but also to ensure that they do not get infected again. Companies whose websites have been struck by such an attack often clean-up their database, only to be infected again a few hours later," continued Cluley. "Everyone who browses the web needs to ensure that the pages they visit are being scanned for dangerous code, as more and more sites are being discovered each day hosting malware."

Cluley has published a video demonstrating the problem on BusinessWeek's website, and providing tips on how companies can better defend themselves from similar attacks.

Sophos recommends that all businesses ensure their websites are fully defending against attacks and all vulnerabilities are patched.