Hackers load malicious code onto BusinessWeek website

The website of BusinessWeek has been attacked by hackers in an attempt to infect its readership with malware.

Hundreds of webpages have been affected...

The website of BusinessWeek has been attacked by hackers in an attempt to infect its readership with malware.

Hundreds of webpages have been affected in a section of BusinessWeek's website which offers information on where MBA students might find future employers.

According to web security firm Sophos, an SQL injection attack - where a vulnerability is exploited to insert malicious code into a site's underlying database - peppered the site's pages with code that downloads malware from a Russian web server.

"It's worrying when any site suffers from a malicious SQL injection attack, but when it's also one of the 1,000 busiest websites on the internet, the stakes are even higher," said Graham Cluley, senior technology consultant at Sophos.

"The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected," he said

Earlier this year, Sophos reported that it was identifiying more than 16,000 new infected webpages every single day, 90% of them on legitimate sites that had been hacked.

Sophos said it was discovering a new malicious webpage every five seconds, three times faster than during 2007.

The code injected into BusinessWeek's website pointed to a Russian website that is currently down and not delivering further malicious code.

However, it could be revived at any time, infecting hundreds of MBA students looking for high-earning jobs. Sophos informed BusinessWeek of the infection last week.

Cluley has published a video demonstrating the problem on BusinessWeek's website, and providing tips on how companies can better defend themselves from similar attacks.

Joomla infected by SQL injection >>

SQL attack on Playstation >>

Keep the back door locked >>



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.




  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...