http://www.theregister.co.uk/2008/09/16/businessweek_hacked/ By Dan Goodin in San Francisco The Register 16th September 2008 Add BusinessWeek.com to the list of big-name sites felled by the mighty SQL injection attack. According to Sophos, the business news site has been infected with attack code that since sometime last week has been trying to install malware on the machines of those who visit the site. The attack affected hundreds of BusinessWeek.com pages offering employment information to MBA students. On Monday, the pages pointed to a Russian website that was not online, but the site could be revived at anytime, Sophos warned. SQL injection attacks, so called because they attack a website's SQL database, have emerged as a weapon of choice among miscreants trying to infect the PCs of the masses. Rather than spend the time and money setting up a fraudulent site that tricks users into installing a keylogger or other type of malware, bad guys have found it easier to attack legitimate sites with high readership. Other organizations that have been hit with similar attacks include the Department of Homeland Security, the Phoenix Mars website, and sites belonging to UK government agencies. The attacks prey on servers that fail to sanitize searches and other types of user supplied data before sending them to a website's database. Once infected, the sites become a means for transmitting malware to thousands or millions of people visiting those sites. [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Tue Sep 16 2008 - 01:44:59 PDT
This archive was generated by hypermail 2.2.0 : Tue Sep 16 2008 - 01:59:05 PDT