Hackers load malicious code onto BusinessWeek website

News

Hackers load malicious code onto BusinessWeek website

Antony Savvas

The website of BusinessWeek has been attacked by hackers in an attempt to infect its readership with malware.

Hundreds of webpages have been affected in a section of BusinessWeek's website which offers information on where MBA students might find future employers.

According to web security firm Sophos, an SQL injection attack - where a vulnerability is exploited to insert malicious code into a site's underlying database - peppered the site's pages with code that downloads malware from a Russian web server.

"It's worrying when any site suffers from a malicious SQL injection attack, but when it's also one of the 1,000 busiest websites on the internet, the stakes are even higher," said Graham Cluley, senior technology consultant at Sophos.

"The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected," he said

Earlier this year, Sophos reported that it was identifiying more than 16,000 new infected webpages every single day, 90% of them on legitimate sites that had been hacked.

Sophos said it was discovering a new malicious webpage every five seconds, three times faster than during 2007.

The code injected into BusinessWeek's website pointed to a Russian website that is currently down and not delivering further malicious code.

However, it could be revived at any time, infecting hundreds of MBA students looking for high-earning jobs. Sophos informed BusinessWeek of the infection last week.

Cluley has published a video demonstrating the problem on BusinessWeek's website, and providing tips on how companies can better defend themselves from similar attacks.

Joomla infected by SQL injection >>

SQL attack on Playstation >>

Keep the back door locked >>


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy