Although hackers inserted malicious code into the website of Trend Micro last week, the security vendor said visitors to the site were not adversely affected.
“Earlier this week, we realized that part of our public online Virus Encyclopedia (VE) was altered via external hacking,” the company said in a blog posting available here. “The redirect placed on our site didn’t work properly so nobody visiting the hacked pages was at risk of infection.”
The company said that it responded to the hack by shutting the VE pages down for several hours, patching the systems and removing the inserted code before putting the pages up again. “We have already taken interim measures to further harden the VE system against future attacks. This incident was part of a wider attack on websites around the world,” the blog noted.
The pages on the company’s English- and Japanese-language sites were infected with what Trend Micro called JS_DLOADER.TZE.
“The threat depended on redirection to a third site,” Mike Sweeney, global public relations director at Trend Micro, told SCMagazineUS.com. “The key thing to understand is we now know the redirect didn’t work properly. There was no risk of infection.”
The attack on Trend Micro was not an isolated incident, as there was a wave of attacks against other websites over the last week. Security vendor McAfee reportedly uncovered what Craig Schmugar termed in a blog post “a mass hack affecting over 10,000 web pages.”
He noted that “the attack seems to have started more than a week ago, and nearly 200,000 web pages have been found to be compromised, most of which are running phpBB,” the open source online community development software product. The more recent attacks, however, were against Active Server Pages (ASP), a Microsoft technology for building dynamic websites.
“The ASP attacks are different than the phpBB ones in that the payload and method are quite different,” Schmugar noted. “Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.”
The attack on the Trend Micro site “points out the need to be vigilant and improve technologies,” Sweeny said. “It shows that web threat technology is absolutely essential.”
The attack on Trend Micro’s site was originally reported by Graham Cluley on the SophosLabs blog.
Trend Micro is not the only security vendor whose website has been hacked recently. Portions of CA’s web site were infected with a similar attack in January.