The website of BusinessWeek has been attacked by hackers in an
attempt to infect its readership with malware.
Hundreds of webpages have been affected in a section of
BusinessWeek's website which offers information on where MBA
students might find future employers.
According to web security firm Sophos, an SQL injection attack -
where a vulnerability is exploited to insert malicious code into a
site's underlying database - peppered the site's pages with code
that downloads malware from a Russian web server.
"It's worrying when any site suffers from a malicious SQL
injection attack, but when it's also one of the 1,000 busiest
websites on the internet, the stakes are even higher," said Graham
Cluley, senior technology consultant at Sophos.
"The potentially large number of people visiting the site and
accessing information to assist their careers may be putting their
finances or personal data in jeopardy if they are not properly
protected," he said.
Earlier this year, Sophos reported that it was
identifying more than 16,000 new infected webpages every single
day, 90% of them on legitimate sites that had been hacked.
Sophos said it was discovering a new malicious webpage every
five seconds, three times faster than during 2007.
The code injected into BusinessWeek's website pointed to a
Russian website that is currently down and not delivering further
malicious code.
However, it could be revived at any time, infecting hundreds of
MBA students looking for high-earning jobs. Sophos informed
BusinessWeek of the infection last week.
Cluley has published a
video demonstrating the problem on BusinessWeek's website, and
providing tips on how companies can better defend themselves from
similar attacks.