BBC websites were hacked yesterday
February 16, 2011
Internet security researchers from Websense say that some streaming websites belonging to the British Broadcasting Corp were hacked yesterday and silently served Web visitors with viruses and malware.
An iFrame tag on the BBC's 6 Music and 1-Xtra websites injected a Trojan virus that was housed on a website with an address ending in .cc, the top-level domain for the Cocos Islands.
The malicious binary file was generated by the Phoenix exploit root kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics on site visitors and users.
“If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get largely infected with a malicious executable,” Websense researchers wrote in a security post.
A VirusTotal scan revealed that only 9 of the top 43 antivirus software products detected the security threat.
This latest discovery continues a popular trend of using legitimate websites to propagate malware and viruses.
Websense didn't reveal how hackers managed to plant the wayward iFrame on the BBC's sites, however. More often than not, the rogue links are added with the help of SQL injection attacks or, less often, by exploiting compromised passwords.
Speaking of SQL injection attacks, online dating site eHarmony is asking its users to change their passwords following the discovery of a security breach on its servers last Friday.
An SQL injection security vulnerability on a secondary site created a means for screen names, email addresses and hashed passwords to be extracted from the two sites, said the senior management at eHarmony.com.
The site's managers are advising a number of users to change their login credentials as a precaution, while maintaining that there has been no breach of its main site and that the security issues affected only a small percentage of its members who used its advice site, as per this statement:
"Some data was obtained without authorization from an ancillary informational site we operate outside of our network, eHarmony Advice, which uses completely separate databases and web servers than eHarmony.com. From one eHarmony Advice master database, the hacker was successful in obtaining a file that included full user names, email addresses and passwords. User names and passwords are needed to gain access to the message boards on the eHarmony Advice site."
Possible Internet security issues involving the eHarmony network were discovered some weeks ago by the same Argentinian hacker, Chris Russo, who got into an argument with rival dating site PlentyOfFish.com over the disclosure of similar security holes on that site last week.
Brian Krebs found that someone using the moniker ‘Provider’ was offering to sell what purported to be a copy of eHarmony’s compromised database for between US $2,000 and US $3,000 via underground carding forums.
Krebs suspects Provider is either Russo or a business associate of Russo.
Both eHarmony’s chief technology officer Joseph Essas and PlentyOfFish.com chief exec Markus Frind accuse Russo of running a fraudulent shakedown, reporting problems with the sites and then offering to fix them in return for a consultancy fee.
Essas blamed third-party libraries that eHarmony used for content management on its advice site for the breach.
Aziz Maakaroun, business development director at vulnerability management specialist Outpost 24, said the news of the breach, days before Valentine's Day, could hardly come at a worse time for eHarmony.
“In the run up to Valentine’s Day, the timing of this purported breach could be fairly disastrous for dating websites, especially eHarmony," Maakaroun said. "For any existing customer, being told that your details have potentially been hacked is hardly an aphrodisiac."
Maakaroun added that Internet application scanning tools and, more specifically, port scanners can easily help identify and correct the most common types of security vulnerabilities that eHarmony suffered from in this attack.
Source: Websense Internet Security.