Hackers Injected Malicious Code in MSN Canada Website
Researchers at security firm 'Websense' have claimed that a particular section of MSN Canada contains a malicious code that directs users to another website.
They further explain that users are redirected from msn.ca to sympatico.msn.ca. The redirected website is owned by Bell Canada, famous for its Internet Service Provider (ISP) 'Bell Internet' (formerly known as Simpatico).
It has been discovered that the infected website is quite popular in Canada for its all online services that are available on MSN portal.
Jay Liew, a Security Researcher working with Websense, observed a very strange activity on the website msn.ca when he was surfing it to avail the service of cinema.sympatico.msn.ca, said news reports.
Websense has completed its task of informing the owners of MSN Sympatico about the finding of malicious content.
After the announcement of no malware on the website by Microsoft, Websense has also confirmed the non-existence of malicious code. Web attacks, commonly used for code cross injection, are called cross-site scripting (XSS) attacks. XSS assaults are sometimes happened due to failure of properly sanitizing user input in web forms and come under a sub-category of web code injection flaws.
This incident has highlighted that the dangers and extensive use of XSS bugs to target computer users. Popular companies like MSN that are well acquainted of them fall victims to such attacks. Hence, these websites have to find out solutions that could mitigate these attacks.
In addition, Websense security researchers have found another type of attack 'SQL injection' that could be used to infect the msn.ca page though the possibilities are very less.
Hence, it becomes necessary for website owners to stay alert to evade such malicious attacks in such a time when malware are used in every possible way to compromise websites.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 22-06-2009