TechTarget

Hackers load malicious code onto BusinessWeek website

The website of BusinessWeek has been attacked by hackers in an attempt to infect its readership with malware.

Hundreds of webpages have been affected...

The website of BusinessWeek has been attacked by hackers in an attempt to infect its readership with malware.

Hundreds of webpages have been affected in a section of BusinessWeek's website which offers information on where MBA students might find future employers.

According to web security firm Sophos, an SQL injection attack - where a vulnerability is exploited to insert malicious code into a site's underlying database - peppered the site's pages with code that downloads malware from a Russian web server.

"It's worrying when any site suffers from a malicious SQL injection attack, but when it's also one of the 1,000 busiest websites on the internet, the stakes are even higher," said Graham Cluley, senior technology consultant at Sophos.

"The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected," he said

Earlier this year, Sophos reported that it was identifiying more than 16,000 new infected webpages every single day, 90% of them on legitimate sites that had been hacked.

Sophos said it was discovering a new malicious webpage every five seconds, three times faster than during 2007.

The code injected into BusinessWeek's website pointed to a Russian website that is currently down and not delivering further malicious code.

However, it could be revived at any time, infecting hundreds of MBA students looking for high-earning jobs. Sophos informed BusinessWeek of the infection last week.

Cluley has published a video demonstrating the problem on BusinessWeek's website, and providing tips on how companies can better defend themselves from similar attacks.

Joomla infected by SQL injection >>

SQL attack on Playstation >>

Keep the back door locked >>

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close