CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 25th, 2008

Department of Homeland Security Website Hacked During Mass Web Attacks

The mass infection that’s injecting attack code into hundreds of thousands of reputable web pages has infiltrated the website of the Department of Homeland Security.

This latest attack is notable for its ability to infect huge numbers of pages using only a single string of text. At time of writing, Google searches showed almost 560,000 pages containing the infection string, though the exact number changes almost constantly. As the screenshot below shows, even the Department of Homeland Security, which is responsible for protecting US infrastructure against cyber attacks, wasn’t immune. Other hacked sites include those belonging to the United Nations and the UK Civil Service.

The attack causes infected sites to redirect visitors to destinations that attempt to install malware on vulnerable machines. At time of writing, the malicious payloads attacked vulnerabilities that already have been patched. And in any case all three of the redirection sites were down, possibly because they were unable to handle the demand. But should the attackers get their hands on a newer exploit – say, one targeting a zero-day vulnerability in QuickTime – it would be relatively easy for them to swap out the payload.

One reason the infection has spread so widely is the attackers have managed to find a single attack string that seems to work on tens of thousands of different sites. The script is also notable for its ability to slip past web application defenses. The SQL query is mostly made up of HEX code, allowing it to obscure itself, at least to apps that use Microsoft SQL. MySQL and PostgreSQL are less easily fooled, according to researcher Ronald van den Heetkamp.

Sites are getting hacked because they fail to sanitize user supplied data. So far Department of Homeland Security has not commented on this issue.

Do not visit the infected websites addresses presented in this article or Google search results.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • UK Home Office Crime Reduction Website Hosted Italian Phishing Scam
  • Over 400 Calls Made Using Hacked Federal Emergency Management Agency PBX Network
  • Phoenix Mars Lander Website Defaced By Script Kiddies
  • US Treasury Department Websites Infect Visitors With Malware
  • Thousands Of High-Ranked Webpages Infected With Malware, Including Intljobs.org, WSJ.com, tomtom.com.tw

    • Posted in Hacked, Mass Web Attacks | Print This Post Print This Post

    This entry was posted on Friday, April 25th, 2008 at 1:47 pm and is filed under Hacked, Mass Web Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Department of Homeland Security Website Hacked During Mass Web Attacks

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « « 34000 Of Customers Bank Details On Stolen Boots Backup Tape
    Tapes With Over 2 Million Records Stolen From University of Miami » »