Hacker gets what he wants at Burger King Web site

The UK Web site of the fast food chain Burger King was defaced on Tuesday for the third time this year, this time by a hacker operating under the nickname of MrAgent.

The Burger King homepage at www.burgerking.co.uk was replaced with an attack on the company's marketing line "whatever you want, you got it".

In place of Burger King's Flash-animated page, the hacker placed the message: "MrAgent hacked this server... admin get a clue... just like burger king says, you can have it your way... they aren't lying... i wanted this site to be my way! Greetz to rogue mragent_2001us@yahoo.com."

The flash-enabled Web site was hacked by an IIS buffer-overflow vulnerability for which no patch has yet been released. "Windows-based machines are notorious for being insecure -- they have so many vulnerabilities compared to other operating systems," said Mark Read, systems security analyst for computer security company MIS Corporate Defence Solutions.

The defacement is thought to have been an opportunist attack. "Hackers will scan certain IP address ranges, and discover ones that are vulnerable," explained Read.

Burger King's UK Web site is hosted separately on a server in Edinburgh, away from the other Burger King sites that are hosted on servers located in the US. "It's a bit weird that this one is out on its own," said Read.

Burger King UK was hit by its first defacement in March, by the cracker group Dreamscape, who replaced the homepage with a mockup of the McDonalds' UK Web site. A second attack followed in April by KeBaB KrU.

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.