SQL Attack on BusinessWeek Site Results in Malware Infection

BusinessWeek.com, the website of the well-known magazine BusinessWeek, which recently (in the 2nd week of September 2008) publicly launched Business Exchange, a social network meant for industry leaders and other readers, has been hit by a SQL injection attack.

According to security software provider Sophos, hackers attacked the site in a bid to infect visitors' systems with malware.

Furthermore, a large number of pages in one section of the website, which presents information on potential employers for MBA students, have been affected.

Sophos further says that hackers launched the SQL attack, in which a security flaw in a site is exploited to inject malicious code into the database that runs the site, to execute malicious code on pages in an attempt to download malicious software from a server located in Russia.

Security experts at Sophos disclosed that once the malicious software was successfully downloaded through exploitation of the server loophole, the attack code could, as is standard, launch anything the attacker desires, apart from the currently included script for auto-generated JavaScript attacks. This suggests that a user could be hit with malware simply by visiting the site, without interacting with it in any way.

While the attack code inserted into BusinessWeek.com links to the Russian website, the experts say that the Russian site is fortunately down at the moment and is no longer delivering malicious code. However, it could be revived at any time, resulting in the infection of hundreds of MBA students seeking high-salaried jobs.

Graham Cluley, Senior Technology Consultant at Sophos, says that BusinessWeek needs to quickly eliminate the numerous malicious scripts plaguing its site before an attacker can install malware that these scripts could activate, as reported by ComputerWorld on September 15, 2008.

However, BusinessWeek.com said nothing about its response except that the malicious program was removed.

Patti Straus, spokesperson for BusinessWeek, said that Internet security was their top priority and that, as they continued to probe the matter, they were sure that their readers' private data had not been accessed, as reported by InternetNews on September 15, 2008. Straus also said that the attack impacted one piece of software in a specific section of BusinessWeek.com.


» SPAMfighter News - 22-09-2008

 
