[ISN] Malicious code added to open-source Piwik following website compromise

From: InfoSec News <alerts_at_private>
Date: Wed, 28 Nov 2012 02:46:48 -0600 (CST)
http://arstechnica.com/security/2012/11/malicious-code-added-to-open-source-piwik-following-website-compromise/

By Dan Goodin
Ars Technica
Nov 27 2012

Hackers inserted malicious code into the open-source Piwik analytics 
software after compromising the Web server used for downloads.

Piwik boasts more than 1.2 million downloads and the program's 
maintainers are warning those who installed Piwik 1.9.2 during an 
eight-hour window on Monday that their Web servers may be running 
malicious code. The backdoor, which was included in versions downloaded 
from 15:45 UTC to 23:59 UTC, causes servers to send data to 
prostoivse.com, according to people participating in this Piwik user 
forum. The IP address connecting that domain name to the Internet has 
reportedly been used by online scammers in the past.

The attackers compromised Piwik.org by exploiting a security 
vulnerability in an undisclosed plugin for WordPress, another popular 
open-source program. The Piwik advisory said maintainers aren't aware of 
any "exploitable security issues" in the program itself. Piwik is used 
to deliver detailed analytics that track in real time the traffic 
hitting a website.

The hack is only the latest to compromise a popular provider of 
open-source software. In September, malicious code was found in 
phpMyAdmin after one of the mirror sites for SourceForge, which hosts 
more than 324,000 open-source projects, was compromised. In June 2011, 
WordPress required all account holders on WordPress.org to change their 
passwords following the discovery that hackers contaminated it with 
malicious software. Three months earlier, maintainers of the PHP 
programming language spent several days scouring their source code for 
malicious modifications after discovering the security of one of their 
servers had been breached.

[...]


Received on Wed Nov 28 2012 - 00:46:48 PST
