Hackers have attempted to
spread malware via the website of security firm Trend Micro,
according to media reports in Japan.
Hackers tried to alter a number of web pages on the firm's
Japanese and English-language websites on Sunday 9 March, using a
malicious
iFrame exploit that could deliver a Trojan horse onto users'
computers. Trend Micro is believed to have uncovered the problem on
Wednesday 12 March, and replaced affected pages with a message
saying, "This page is temporarily shut down for emergency
maintenance."
It has not yet been revealed how hackers tampered with the web
pages on the security website, but it is likely a software
vulnerability on the site was exploited.
Trend Micro reported on its website that visitors to its sites
could be infected by the malware, which it named JS_DLOADER.TZE,
either by accessing one of the infected web pages or clicking on a
malicious URL link.
The company said
on its blog, "Early last week, we realised that part of our
public online Virus Encyclopedia (VE) was altered via external
hacking. The redirect placed on our sitedidn't work properly so
nobody visiting the hacked pages was at risk of infection.
"In response to this incident, we shut down the VE forseveral
hours, patched the systems, removed the inserted code, andbrought
it back to life again. We have already taken interim measuresto
further harden the VE system against future attacks."
On its own website, rival security supplier Sophos, said, "Our
friends at Trend Micro and people visiting the hacked pages are
victims of a crime. Sadly, it is not an uncommon crime these days
and all kinds of businesses have suffered."
Sophos added, "This is not the time or place to make cheap shots
against a competitor. In the past, we have found websites as varied
as wedding photographers, antiques firms, pilates classes,
ice-cream manufacturers and even the US consulate general in St
Petersburg infected by similar attacks. It seems we now have to add
anti-virus companies to that list."
Sophos said Trend Micro was not the first security company to
become a victim. "In 1999, hackers changed the home page of
Symantec - although in that instance the motivation was apparently
to cause mischief rather than to spread malware."