Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

BBC websites were hacked yesterday

Add to del.icio.us     Digg this story Digg this    Get a great Linux dedicated server for less than $4 a day!

Share on Twitter

February 16, 2011

Internet security researchers from Websense say that some streaming websites belonging to the British Broadcasting Corp were hacked into yesterday as they silently served Web visitors with viruses and malware.

An iFrame tag on the BBC's 6 Music and 1-Xtra websites injected a Trojan virus that was housed on a website with an address ending in cc, a top level domain for the Cocos Islands.

The malicious binary file was generated by the Phoenix exploit root kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics on site visitors and users.

“If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get largely infected with a malicious executable,” Websense researchers wrote in a security post.

A VirusTotal scan revealed that only 9 of the top forty-three antivirus software products detected the security threat.

This latest discovery continues a popular trend of using legitimate websites to propagate malware and viruses.

Websense didn't reveal how hackers managed to plant the wayward iFrame on the BBC's sites, however. More often than not, the rogue links are added with the help of SQL injection attacks or, less often, by exploiting compromised passwords.

Speaking of SQL injection attacks, online dating site eHarmony is asking its users to change their passwords following the discovery of a security breach on its servers last Friday.

An SQL injection security vulnerability on a secondary site created a means for screen names, email addresses and hashed passwords to be extracted from the two sites, said the senior management at eHarmony.com.

The site's managers are in the process of advising a number of users to change their login credentials as a precaution, while maintaining there has been no breach on its main site and that what security issues there were only affected a small percentage of its members that used its advice site as per this statement:

"Some data was obtained without authorization from an ancillary informational site we operate outside of our network, eHarmony Advice, which uses completely separate databases and web servers than eHarmony.com. From one eHarmony Advice master database, the hacker was successful in obtaining a file that included full user names, email addresses and passwords. User names and passwords are needed to gain access to the message boards on the eHarmony Advice site."

"Please be assured that eHarmony uses robust Internet security measures, including password hashing and full data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. As a result, at no point during this attack did the hacker successfully get inside our eHarmony network."

"In addition, please note that there was very little overlap between the eHarmony Advice data obtained and the data that resides within our other Web properties. We have taken swift and appropriate steps to remedy the situation and have notified any potentially affected customers, who comprise an extremely small fraction of our total eHarmony.com user base. We deeply regret any inconvenience this causes any of our users."

Possible Internet security issues involving the eHarmony network were discovered some weeks ago by the same Argentinian hacker, Chris Russo, who got into an argument with rival dating site PlentyOfFish.com over the disclosure of similar security holes on that site last week.

Brian Krebs found that someone using the moniker ‘Provider’ was offering to sell what purported to be a copy of eHarmony’s compromised database for between US $2,000 and US $3,000 via underground carding forums.

Krebs suspects Provider is either Russo or a business associate of Russo.

Both eHarmony’s chief technology officer Joseph Essas and PlentyOfFish.com chief exec Markus Frind accuse Russo of running a fraudulent shakedown, reporting problems with the sites and then offering to fix them in return for a consultancy fee.

Essas blamed third party libraries that eHarmony used for content management on its advice site for breach.

Aziz Maakaroun, business development director at vulnerability management specialist Outpost 24, said the timing of the news of the breach, days before Valentine's Day, could hardly come at a worse time for eHarmony.

“In the run up to Valentine’s Day, the timing of this purported breach could be fairly disastrous for dating websites, especially eHarmony," Maakaroun said. "For any existing customer, being told that your details have potentially been hacked is hardly an aphrodisiac."

Maakaroun added that the use of Internet application scanning tools and more specifically, port scanners can easily help identify and correct the most common types of security vulnerabilities eHarmony suffered from this attack.

As always, we will keep you updated on this and on other Internet security related news as they happen.

Add to del.icio.us     Digg this story Digg this    Get a great Linux dedicated server for less than $4 a day!

Share on Twitter

Source: Websense Internet Security.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.


You can link to the Internet Security web site as much as you like.


| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer






Do it right this time. Click here and we will take good care of you!


Get your Linux or Windows dedicated server today.