CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 25th, 2010

Whirlpool’s Kitchenaid.com Remains Malware Infected For 5 Months

Domestic appliance manufacturer Whirlpool has come under fire for failing to clean up a malware infection on one of its sites, months after it was notified of a problem by UK anti-virus firm Sophos.

Sophos tried for months to clean-up its Kitchenaid.com website, without success, before going public on the problem on Friday. The kitchen utensil selling site remains infected with the Badsrc-C (AKA Asprox) strain of malware five months after a Sophos customer reported a problem, which the security firm forwarded to the white goods firm.

The malicious script points towards nowhere at present, so there isn’t an immediate risk. The problem is that this may change at any time, hence the need for remedial action that Whirlpool seems reluctant to take.

“I and several of my colleagues have been trying to talk to contacts at KitchenAid and Whirlpool to inform them of the issue and offer assistance. We have consistently hit brick walls,” reports senior Sophos threat analyst Paul Baccas.

Whirlpool’s lack of action is symptomatic of a wider problem. Reports of malware problems on websites are hard even for security firms to send to the right person, are often disregarded and sometimes met with indignation, Baccas writes.

The Asprox strain of malware still lingering on Kitchenaid.com’s website has been linked to phishing spam. SQL injection attacks on vulnerable website have been a preferred method for spreading malware.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • The Number Of Infected Machines In Botnets Quadrupled In Last 3 Months
  • Spam Volumes Increase Again, Soon To Be Powered By At Least 10 Millions Of Infected Conficker Bots
  • Computer Worm Infects International Space Station Laptops
  • 3$ for breaking the CAPTCHA
  • Apple Users Targeted By Smut-punting Video Codec Malware

    • Posted in Breaches And Incidents, Malware, SQL Injections | Print This Post Print This Post

    This entry was posted on Monday, January 25th, 2010 at 4:30 am and is filed under Breaches And Incidents, Malware, SQL Injections. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Whirlpool’s Kitchenaid.com Remains Malware Infected For 5 Months

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »