BusinessWeek site hacked, serving drive-by exploits


Summary: Malicious hackers have broken into several sections of BusinessWeek.com and are now using the popular site to redirect visitors to malware-laden servers.

TOPICS: Security, Malware

Malicious hackers have broken into several sections of BusinessWeek.com and are now using the popular site to redirect visitors to malware-laden servers.

At the time of writing, hundreds of pages on BusinessWeek.com have been rigged with malicious JavaScript pointing to third-party servers. Visitors to the site execute the script, which attempts to launch drive-by malware downloads.

Firefox 3's malware blocker is detecting some of the infection attempts but there are numerous malicious pages currently bypassing the browser's blacklist-based filter.
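An added example, not part of the original article: a site-owner audit that lists every script or iframe source on saved pages whose host is outside an expected allowlist, so it does not depend on a blacklist knowing the third-party server. The site name, hostnames, allowlist and page bodies are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class SrcCollector(HTMLParser):
    """Collect absolute URLs of every <script src> and <iframe src> on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:  # inline scripts carry no src and are out of scope here
                self.sources.append(urljoin(self.page_url, src.strip()))

def unexpected_sources(page_url, html, allowed_hosts):
    """Return (host, url) for each source whose host is not on the allowlist."""
    collector = SrcCollector(page_url)
    collector.feed(html)
    collector.close()
    hits = []
    for url in collector.sources:
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed_hosts:
            hits.append((host, url))
    return hits

def audit(pages, allowed_hosts):
    """Map each unexpected host to the sorted list of pages that reference it."""
    report = {}
    for page_url, html in pages.items():
        for host, _url in unexpected_sources(page_url, html, allowed_hosts):
            report.setdefault(host, set()).add(page_url)
    return {host: sorted(urls) for host, urls in report.items()}

# Constructed sample data: hypothetical site, hosts and page bodies.
ALLOWED = {"www.news-site.example", "static.news-site.example"}
SAMPLE_PAGES = {
    "http://www.news-site.example/jobs/index.html":
        '<html><head><script src="/js/nav.js"></script></head><body><p>Jobs</p>'
        '<SCRIPT SRC="//cdn.unknown-host.example/b.js"></SCRIPT></body></html>',
    "http://www.news-site.example/jobs/mba.html":
        '<script src="http://static.news-site.example/ads.js"></script>'
        '<script src="http://cdn.unknown-host.example/b.js"></script>',
    "http://www.news-site.example/about.html":
        '<script>var inline = 1;</script><script src="js/site.js"></script>',
}

if __name__ == "__main__":
    for host, urls in audit(SAMPLE_PAGES, ALLOWED).items():
        print(f"{host}: referenced by {len(urls)} page(s)")
```

Grouping the findings by host shows at a glance when one unfamiliar server is referenced from many pages of the site.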


[ SEE: Microsoft ships free code auditing tools to thwart SQL injection attacks ]

According to data from the Google Safe Browsing API, BusinessWeek.com has been flagged as malicious for a while:

  • Of the 2157 pages we tested on the site over the past 90 days, 214 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/15/2008, and the last time suspicious content was found on this site was on 09/11/2008.
  • Malicious software includes 721 scripting exploit(s), 4 trojan(s), 3 exploit(s). Successful infection resulted in an average of 2 new processes on the target machine.

[ SEE: SQL Injection attacks lead to wide-spread compromise of IIS servers ]

The use of legitimate Web sites in drive-by malware attacks has soared in recent months. According to expert estimates, at least 70 percent of all Web-based malware is now being hosted on legitimate Web sites. Some recent high-profile targets included Bank of India, China.com, and USA Today.


Talkback

6 comments
  • So tell us...

    what software stack is businessweek.com using?

    A cheap solution that doesn't work is neither
    Say What?
    say_what
    • Solaris 8/Netscape

      Solaris 8 Netscape-Enterprise/6.0 15-Sep-2008

      Though it's not clear from the article which of the many Businessweek web sites were compromised.
      ye
      • nmap -T aggressive

        returns with 85% accuracy that businessweek.com is Solaris 10 running Apache, Apache Tomcat/Coyote JSP Engine, up since Jul 30.
        D T Schmitz
  • Nice work with the Google SafeBrowsing API

    I should have included that information in the blog post I made about this earlier today on the Sophos website: http://www.sophos.com/blogs/gc/g/2008/09/15/hackers-infect-businessweek-website

    I have, however, published a cute little video demonstrating the problem. :)

    Cheers
    Graham Cluley, Sophos
    gcluley
  • RE: BusinessWeek site hacked, serving drive-by exploits

    I wonder if, or how many, IT heads will roll at Business Week? Anyone know if they outsource some of their server work or security?

    It should be noted that you don't have to be an online giant either to get hacked, whacked or blinded.

    Is the day coming when the U.S. and other countries evolve into single large intranets blocking out entire countries and their hackers just for security's sake?

    Graham Cluley's blog and video presentation about this story was enjoyable. A must read.
    desertcities@...
  • RE: BusinessWeek site hacked, serving drive-by exploits

    I think the Chinese and the international community need to step in and treat this like, well, a terrorist threat!! Every government needs to do something about malware. So treat it as it is, a true danger to world economies?
    magichardt@...