Cyber Crooks Attacked Official Website of Piwik
Reports of free web server analytics system, Piwik being compromised and led to serve a Trojanized version of the software, which is functionalized to leak out the backdoor path of the compromised system is on news, as published in HELP NET SECURITY on November 27, 2012.
According to the content of the block published by the Piwik team, the Piwik.org web server has been infected on November 26, 2012 and the file is being downloaded and made available for over 8 hours prior to the disclosure of the incident.
"The official website of the Company, Piwik.org is executing WordPress and was corrupted for a security issue in a WordPress plug-in," as claimed. It has also been reported that no sensitive data has been escaped, as published by HELP NET SECURITY on November 27, 2012.
However, Piwik is self-hosted, open source software. The official website of the Company is not capable of tracking down any web analytics data from any user of Piwik. Since we do not have any proof so no confidential or susceptible data has been disclosed," the Piwik team said, as published by HELP NET SECURITY dated November 27, 2012.
One is liable to be at risk only if he/she has updated or installed on Piwik 1.9.2 on Nov 26, 2012 from 15:43 UTC to 23:59 UTC," according to a security updated on Piwik, reported cso.com.au on November 27, 2012.
In Sydney, that would have been during the 8 hours till 10 am on 27 November, 2012, the team says.
The team observed that "if you are not using 1.9.2 or if you advanced to 1.9.2 before November 26 15:40 UTC or from November 27, you should be safe.
Meanwhile, the developers also included instructions on how to clean a compromised Piwik installation; essentially by backing up the Piwik configuration file and then deleting the entire Piwik directory and installing a freshly downloaded copy of the software.
In a nutshell, the hack is only the recent to infect a famous provider of open-source software. In September 2012, malicious code was noticed in phpMyAdmin after one of the mirror sites for Source Forge, which hosts more than 324,000 open-source projects, was infected. And also in 2011, June, word press essential all account holders on wordpress.org to modify their password following the discovery that hackers polluted it with malicious software.
Related article: Cyber Attackers Move To Abandoned Sites
» SPAMfighter News - 05-12-2012