Hackers have broken into BusinessWeek's online site and set up an attack scenario in which visitors to a section of the site could have their own computers compromised and their data stolen, tells Graham Cluley from security company Sophos in his Blog.
The hackers used an increasingly common form of attack called SQL injection, in which a small malicious script is inserted into a database that feeds information to the BusinessWeek website. Injected code was pointing to a website behind a Russian domain, which could download malware onto the computers of BusinessWeek.com readers.
At the moment the Russian website is offline. Cluley points out that it’s status could potentially change at any time though.
The amount of SQL injections has increased a lot this year. "As we reported in our recent Security Threat Report, over 16,000 new infected webpages are discovered every single day. That’s one every five seconds - three times faster than the rate we saw during 2007", says Cluley.
Video containing more information on the matter can be seen on Graham Cluley's Blog.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment