BusinessWeek site hacked, serving drive-by exploits

Malicious hackers have broken into several sections of BusinessWeek.com and are now using the popular site to redirect visitors to malware-laden servers.

At the time of writing, hundreds of pages on BusinessWeek.com have been rigged with malicious JavaScript pointing to third-party servers. Visitors to the site execute the script, which attempts to launch drive-by malware downloads.

Firefox 3's malware blocker is detecting some of the infection attempts but there are numerous malicious pages currently bypassing the browser's blacklist-based filter.

[ SEE: Microsoft ships free code auditing tools to thwart SQL injection attacks ]

According to data from the Google Safe Browsing API,  BusinessWeek.com has been flagged as malicious for a while:

• Of the 2157 pages we tested on the site over the past 90 days, 214 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/15/2008, and the last time suspicious content was found on this site was on 09/11/2008.
• Malicious software includes 721 scripting exploit(s), 4 trojan(s), 3 exploit(s). Successful infection resulted in an average of 2 new processes on the target machine.

SEE: SQL Injection attacks lead to wide-spread compromise of IIS servers ]

The use of legitimate Web sites in drive-by malware attacks has soared in recent months.  According to expert estimates, at least 70 percent of all  Web-based malware is now being hosted on legitimate Web sites.  Some recent high-profile targets included Bank of India, China.com, and USA Today.