May 09, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« What the Future Holds for Security | Main | Does the Security Industry Have a Future? A Talk With Bruce Schneier »

March 19, 2008
The Wild Wild World Wide Web

Just wanted to make sure my readers were aware that the internet content security company, Trend Micro, fell victim to a massive Web attack last week. According to CSO online, the attack happened last Thursday and more than 20,000 pages were effected by the attack, infecting them with malicious code that tried to install password-stealing software on visitors' computers.

I see this attack like cops see those people who attack cops -- you hit back with overwhelming force, because anyone who would attack a cop wouldn't hesitate to attack a regular old civilian. So how did these hackers get at Trend Micro, and what does that mean for us civilian websites?

Quick note: this is all the more reason to bone-up on what attacks we can expect in the future by attending ebizQ's Threatscape 2008. Sign up right here.

Experts aren't certain how the attackers did it, but all the infected web pages did use Microsoft's Active Server Page (ASP) technology, which is used to create dynamic HTML pages. Also, the effected pages were not directly infected, but the hackers added a bit of JavaScript the redirected visitors' browsers to an invisible attacks launched from servers in China. This same trick was used last year on the Miami dolphins website previous to last year's Super Bowl.

One good thing is users whose software is up-to-date were not at risk, but McAfee warns that some of the exploits are for ActiveX that controls for online gaming, not altogether ubiquitous, but rare enough that someone may not think to patch it.

Trend Micro is not the only company to end up hacker chum, as this past January CA's Web site was infected with a similar type of attack. And what does that mean for us: Be wary, but what can you do but business as usual.not the only company to have had its Web site hacked in recent months. In January, parts of CA’s Web site were infected with a very similar type of attack.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/3266

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
ebizQ Web 2.0 and the Enterprise
Your E-mail Address:
BAM for BPM Survey Results Are In! Learn What’s Driving New BAM Investments
Date: May 13, 2008
Time: 12:00 PM ET
(16:00 GMT)
REGISTER TODAY!
Avoid the SOA Pitfalls that Prevent ROI
Date: May 15, 2008
Time: 14:00 PM ET
(18:00 GMT)
REGISTER TODAY!
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map