Hackers Hijack a Bookstore Website in Singapore

According to Websense (an Internet security company), the website of 'Popular Holding,' a local stationery and book store in Singapore, was hacked on June 6, 2009.

The researchers at Websense state that hackers injected harmful code into the site's homepage, hxxp://www.pop[removed].com.sg. Usually, this page takes visitors to hxxps://www.pop[removed].com.sg/jsp/index.jsp, the place of operation of the primary site, but with the injection of the malevolent obfuscated code, the page started behaving differently.

The obfuscated JavaScript code diverted users to an attack site that employed an Iframe similar to the Gumblar attacks. Websense identified this attack site as Karlast.com, and shortly later suptullog.com. However, following the incident, the attack site was no longer allowed to operate, said the company.

Websense added that Popular Holding had been made aware of the incident. Acknowledging the receipt of the notification on the same day of the attack, Marketing Manager Lynn Lee of Popular Holding stated that they immediately addressed the problem, as reported by ZDNet Asia on June 8, 2009.

Lee said that his company's IT specialists had removed the malevolent code and then enhanced the security measures including the use of a strong firewall for their affected site. He added that a detailed investigation indicated that no customer data had been lost and the online bookstore continued to function normally through the payment gateway of eNet.

Lee also stated that the probe would continue and legal action would be taken against the perpetrators infiltrating the company's website that has its domain registered in Hong Kong and operated together with a specialized IT group in Singapore.

In the meantime, the security researchers stated, more and more of Singapore's authorized websites are being attacked for past several days. Lately, a newly devised Trojan variant has been aiming attacks at customers of the country's local banks, diverting infected computer users to a fraudulent banking site and then capturing their login credentials.

Therefore, website administrators should protect their sites by deploying the best of means, while end-users must update their anti-virus software regularly to prevent any harm from infected sites, said the security specialists.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 6/13/2009