March 22, 2010
Hot topics :

Hackers Hit BusinessWeek With Malware

BusinessWeek.com, which just last week publicly launched Business Exchange, a kind of social network for readers and industry leaders, has been hit by a SQL injection (define) attack.

Security software vendor Sophos discovered the vulnerability and notified BusinessWeek.

Graham Cluley, senior technology consultant for Sophos, wrote on his blog that hackers tried to infect readership that used part of the site with malware.

"Hundreds of pages on a part of BusinessWeek’s website which offers information about where MBA students might find future employers have been struck by the SQL Injection attack - where a security vulnerability is exploited in order to insert malicious code into the site's underlying database," the post said. Gluley told InternetNews.com that hackers are focusing on SQL injection attacks because "they want to take over your desktop, and companies are protecting their e-mail now, so the other way to get to your desktop is through the browser."

Threat Alerts
More »
Latest Malware
Most Dangerous Malware

SQL injection attacks, the most common form of hacker attacks, exploit vulnerabilities on a Website to insert malicious code into the database behind the Website. In BusinessWeek's case, that code would lead users to a Russian Web site from which malware could be downloaded.

For its part, BusinessWeek.com was tight-lipped about its response, saying only that the malicious application was removed.

"Online security is a top priority and, while we continue to investigate the matter, we are confident that our readers' personal information has not been compromised," BusinessWeek spokesperson Patti Straus said in an e-mailed response to requests for comment. She said the attack affected only one application within a specific sector of the Web site.

"We continue to work to ensure the integrity of our site and to protect it from future illegal and malicious hacking activity," Strauss added.

Related Articles

Getting rid of the link is not enough, Cluley said. "It's easy to remove the malicious links, but BusinessWeek has to look at their infrastructure and work out how the attackers managed to hack their code or the chances are that, within a number of hours, the site will get reinfected."

Google Safe Browsing's diagnostic page for BusinessWeek.com showed that 214 of the 2,157 pages tested on the site downloaded and installed malware on the visitor's desktop without the user's consent. However, the problem seems to have been resolved, as Google Safe Browsing's page said the last time suspicious content was found on this site was on September 11.

Google's Safe Browsing extension is built into the Google Toolbar and integrated into Mozilla Firefox 2.0. It validates URLs against a frequently updated list of known phishing URLs.

This article was first published on InternetNews.com. To read the full article, click here.

1
IT Offers

Partners



















The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Article: Adobe Helps PHP Developers Create Rich Internet Applications
Case Study: Microsoft IT Strengthens Security with Data Loss Prevention Solution
Article: Reduce Your Infrastructure Costs with Microsoft System Center
Intel Brief: Five-Star IT Support--Intel Core 2 processor with vPro Delivers ROI of 524 Percent
Article: Security Enhancements Abound in Windows Server 2008
Article: Enterprise Social Computing with Microsoft SharePoint 2010
Intel Whitepaper: Implementing Intel vPro Technology to Drive Down Client Management Costs
 Microsoft Whitepaper: Improve Communications and Collaboration
Intel Article: Intel Core i5 vPro Brings Intelligence to the Processor
Microsoft Personalized Whitepapers and Resources for You
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
Microsoft Whitepaper: Make Better Decisions - SQL Server 2008 Business Intelligence.
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Video: How System Center Helps Reduce IT Costs
IBM Cloud Computing for Developers Virtual Event, April 6-8
Microsoft Video: OCS and Exchange: Platform Futures
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
Iron Speed Designer Application Generator
 MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products
Learn Forefront
 Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES