The BusinessWeek website has been hacked in an attempt to infect visitors with malware.
According to research by Sophos, hundreds of web pages in a section for MBA students to find employment have been affected. The hackers used an SQL injection attack to infect the pages with code that tries to download malware from a Russian web server.
Although the Russian website was down and not delivering further malicious code at the time of the Sophos research, Sophos claimed that it could be revived at any time, as the hackers' scripts are still present and active on their site.
Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa, said: “While it is concerning when any site suffers a malicious SQL injection attack, the stakes are even higher when it is one of the 1000 busiest websites on the Internet.
A potentially large number of people visiting the site and accessing information may be putting their finances or personal data at risk if they are not properly protected.
“Companies hit by SQL injection attacks need to move fast to not only remove the malicious scripts, but also to ensure they do not get infected again.
Companies with websites that have been struck by such an attack often clean up their database, only to be infected again a few hours later.
“The latest BusinessWeek attack should alert all businesses to the importance of ensuring their Web sites are fully protected against attacks, and that all vulnerabilities are patched.”
See original article on scmagazineus.com
BusinessWeek hit by hackers
By Dan Raywood on Sep 22, 2008 9:57AM