BusinessWeek Online Content Hit By SQL Injection, A Total Of 721 Scripts Attempted To Infect Visitors
Malicious hackers have broken into several sections of BusinessWeek.com and as a result the content has been infected by Mal/Badsrc-C via SQL injection. The infected pages are related to to jobs and recruitment.
Currently hundreds of pages on BusinessWeek.com are being rigged with malicious JavaScript pointing to third-party servers. Visitors to the site execute the script, which attempts to launch drive-by malware downloads. Some malicious pages are successfully bypassing Firefox 3 blacklist-based filter.
According to data from the Google Safe Browsing API, BusinessWeek.com has been flagged as malicious for a while:
Of the 2157 pages we tested on the site over the past 90 days, 214 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/15/2008, and the last time suspicious content was found on this site was on 09/11/2008.
Malicious software includes 721 scripting exploit(s), 4 trojan(s), 3 exploit(s). Successful infection resulted in an average of 2 new processes on the target machine.
Malicious software is hosted on 90 domain(s), including adbtch.com, advabnr.com, bnsdrv.com.
11 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including advabnr.com, bnsdrv.com, cv2e.ru.
BusinessWeek.com joins high-profile targets such as Bank of India, China.com, and USA Today which were recently hit by similar SQL injections. According to expert estimates, at least 70 percent of all Web-based malware is now being hosted on legitimate Web sites.
As usual, we advise users to use Firefox, and Firefox users we advise to install NoScript addon which protects from JavaScript-injected infected websites (and from many other malicious elements).
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.