Security news15 September 2008
BusinessWeek website infected by hackers World famous magazine the latest victim of growing internet security problem
Experts at IT security and control firm Sophos have discovered that the website of BusinessWeek, the world famous weekly magazine, has been attacked by hackers in an attempt to infect its readership with malware.
Hundreds of webpages in a section of BusinessWeek’s website which offers information about where MBA students might find future employers have been affected. According to Sophos, hackers used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site's underlying database - to pepper pages with code that tries to download malware from a Russian web server.
"It's worrying when any site suffers from a malicious SQL injection attack, but when it's also one of the 1000 busiest websites on the internet the stakes are even higher," said Graham Cluley, senior technology consultant at Sophos on his blog. "The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected."
Earlier this year Sophos reported that it identifies more than 16,000 new infected webpages every single day, 90 percent of which are on legitimate sites like BusinessWeek that have been hacked. Sophos discovers a new malicious webpage every five seconds - three times faster than the rate seen during 2007.
At the time of writing, the code injected into BusinessWeek’s website points to a Russian website that is currently down and not delivering further malicious code. However, it could be revived at any time, infecting hundreds of MBA students looking for high-earning jobs. Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site.
"BusinessWeek, and the many other firms hit by SQL injection attacks, need to move fast to not only remove the malicious scripts, but also to ensure that they do not get infected again. Companies whose websites have been struck by such an attack often clean-up their database, only to be infected again a few hours later," continued Cluley. "Everyone who browses the web needs to ensure that the pages they visit are being scanned for dangerous code, as more and more sites are being discovered each day hosting malware."
Cluley has published a video demonstrating the problem on BusinessWeek's website, and providing tips on how companies can better defend themselves from similar attacks.
Sophos recommends that all businesses ensure their websites are fully defending against attacks and all vulnerabilities are patched.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
