Hackers Loaded Malware Into Mercury Music Award Site
According to the news by The Register on June 7, 2007, hackers have loaded malware in the site of Mercury Music Awards and also in many other sites, due to breaking of US-based hosting firm, Dream Host's systems.
It was due to a security-vulnerability in the cyber control-panel software that the hackers were able to attack a small part of the user's account. Meanwhile, the users who were attacked were informed by email. According to the news by The Register on June 7, 2007, Dream Host had claimed that it was only the content of web that has been hacked not the billing and credit card information.
On Wednesday June 6, 2007, it was found by the users of Mercury Music Award site that it has been attacked and changed by a band that wanted publicity for their forthcoming show.
According to the news by The Register on June 7, 2007, Dream Host added that the flaw allows hackers to access the customer web control-panel. From there, they could successfully obtain the information of the user password. According to the news by The Register on June 7, 2007, the hackers also tried to use the central database & billing information but failed to do so. No information about the credit card was given out.
As per the company, Dream Host has control over 500,000 domains. On 5 June, Dream Host sent an email to its customer, which notified the hacking of 3,500 separate FTP-accounts. It was also recommended that the customer should change the FTP password as soon as possible. The company is very keen to update the punters concerned regarding the measures it has adopted to avoid the flaw.
The organizers of the site claim to have taken additional security measures to avoid hacking and are planning to alter server's size to cope with the size of the site. As the site is quite large, the new security device will take time to install. The authorities are hoping that it will be done by weekend.
The lost of the confirmed target attack include Mercury Music Award Site sponsored by the building society countrywide, nationwidemercurys.com & UK law agency Clintons with clients such as The Who, The U2, and Paul McCartney.
Scan Safe, a UK based web security company has been directing the attack and claimed that the hackers used the Dream Host's insecure Web controls for downloading Trojan malware into popular sites.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 22-06-2007