BusinessWeek website compromised


The BusinessWeek magazine website has been infected with code that could redirect visitors to malicious servers.

The infection appears to be a classic SQL injection attack: code injected into the servers feeding the site links to a Russian domain that could download malware onto the computers of the website's users.

The infection seems to have been in place for some time. According to Google Safe Browsing, “Of the 2,157 pages tested on the site over the past 90 days, 214 pages resulted in malicious software being downloaded and installed without user consent.”

The Google summary reports that some 11 domains appear to be functioning as intermediaries for distributing malware to visitors of the site.

BusinessWeek has responded in a release that said, "Online security is a top priority and, while we continue to investigate the matter, we are confident that our readers' personal information has not been compromised."

This threat and others like it seem to be spreading.

According to a blog entry by Graham Cluley, senior technology consultant at Sophos, “Over 16,000 new infected webpages are discovered every single day. That's one every five seconds -- three times faster than the rate during 2007.”

According to Ryan Barnett, director of application security at Breach Security, the underlying issue centers on mass SQL injection bots.

“The vulnerabilities are at the web application, which may not be doing proper validation, or at the database itself, which may allow users too high level a privilege,” he told SCMagazineUS.com. “It also could be that a web application encodes data coming back from the server improperly, so that the browser can be tricked – it does not know that it is not supposed to execute the malicious code.”

He added: “These three factors are behind the attacks. All three have to be in place, and unfortunately at a lot of sites they are.”
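Barnett's three factors correspond to three controls, sketched here as an added example that is not code from BusinessWeek, Breach Security or the original article. It assumes Python's built-in sqlite3 as a stand-in for the site's database, with a read-only connection standing in for a low-privilege database account; the table, rows and function names are constructed for illustration.

```python
import html
import sqlite3
import tempfile
from pathlib import Path

# Constructed sample rows: row 2 carries markup planted by an earlier injection.
ROWS = [(1, "Markets rally"),
        (2, 'Fed holds rates<script src="//injected.invalid/x.js"></script>')]

def make_db():
    """Build a throwaway SQLite file standing in for the site's content store."""
    path = Path(tempfile.mkdtemp()) / "site.db"
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO articles VALUES (?, ?)", ROWS)
    con.commit()
    con.close()
    return path

def open_readonly(path):
    """Privilege: the page-rendering code gets a connection that cannot write.
    (Stand-in for a database account limited to SELECT.)"""
    return sqlite3.connect(path.as_uri() + "?mode=ro", uri=True)

def fetch_title(con, article_id):
    """Validation: reject non-numeric ids, then bind the value as a parameter."""
    if not str(article_id).isdigit():
        raise ValueError("article id must be numeric")
    row = con.execute("SELECT title FROM articles WHERE id = ?",
                      (int(article_id),)).fetchone()
    return row[0] if row else None

def write_blocked(con):
    """Return True if the read-only connection refuses an UPDATE."""
    try:
        con.execute("UPDATE articles SET title = title || '!'")
        return False
    except sqlite3.OperationalError:
        return True

def render_title(title):
    """Output encoding: stored markup is shown as text, never as a live tag."""
    return "<h1>" + html.escape(title) + "</h1>"

if __name__ == "__main__":
    con = open_readonly(make_db())
    print(render_title(fetch_title(con, "2")))
    print("write blocked:", write_blocked(con))
```

Each control breaks the chain on its own: the bound parameter keeps request input out of the SQL text, the read-only connection cannot alter stored pages, and the encoded output renders an already-planted tag as inert text.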
