BusinessWeek.com infected by hackers

2008-09-17

Sophos, IT security and control firm, is reporting that BusinessWeek.com has been attacked by hackers in an attempt to infect its readership with malware. Sophos states:

"Hundreds of webpage's in a section of BusinessWeek's website which offers information about where MBA students might find future employers have been affected. Hackers used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site's underlying database - to pepper pages with code that tries to download malware from a Russian web server."

Graham Cluley, senior technology consultant at Sophos, stated "BusinessWeek, and the many other firms hit by SQL injection attacks, need to move fast to not only remove the malicious scripts, but also to ensure that they do not get infected again. Companies whose websites have been struck by such an attack often clean-up their database, only to be infected again a few hours later. Everyone who browses the web needs to ensure that the pages they visit are being scanned for dangerous code, as more and more sites are being discovered each day hosting malware."

Cluley has posted a video on his blog to demonstrate the problem on BusinessWeek's website with tips on how companies can better defend themselves from similar attacks. You can see that video here.

You can also read the entire story on the Sophos website, here

Sophos recommends that all businesses ensure their websites are fully defending against attacks and all vulnerabilities are patched.