BusinessWeek suffers SQL injection attack

By

Business news magazine BusinessWeek has become the latest victim of the rising phenomenon of SQL injection attacks.


Business news magazine BusinessWeek has become the latest victim of the rising phenomenon of SQL injection attacks.

Security firm Sophos said that the company had hundreds of pages within its site infected with malicious code.

Graham Cluley, senior technology consultant at Sophos, said in a blog posting that the attackers had apparently run the attack through BusinessWeek's online job-hunting application.

SQL injection attacks are performed by entering specially-crafted code into a page's input field which can covertly redirect users to malicious sites. In this case, the code was redirecting users to an attack page hosted in Russia, according to Cluley.

"It is worrying when any site suffers from a malicious SQL injection attack but, when it's also one of the 1,000 busiest websites on the internet, the stakes are even higher," he said.

"The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected."

The magazine has said that it has removed the offending web application and that no user data was believed to be compromised.

SQL injection attacks have become increasingly popular in the past year. The tactic is often used to compromise online forums and can be scripted automatically to generate hundreds of thousands of infected pages.

Because many of the avenues used in SQL injection attacks are not necessarily known vulnerabilities, but rather the result of poorly configured servers, many hosts may not even be aware that they are vulnerable.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?