Gadgetell | Tech News, Reviews, and Interesting Things

BusinessWeek’s website has fallen under attack by hackers. Security vendor Sophos discovered the attack last week. Hundreds of pages of the popular site have been infected with malicious Javascript that redirects users to a Russian website that attempts to download malware to their computers. While some of the download attempts are being detected by malware blockers, many more are slipping through easily. The stats compiled by Google’s Safe Browsing API are alarming:

Of the 2157 pages we tested on the site over the past 90 days, 214 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/15/2008, and the last time suspicious content was found on this site was on 09/11/2008. Malicious software includes 721 scripting exploit(s), 4 trojan(s), 3 exploit(s). Successful infection resulted in an average of 2 new processes on the target machine.

Hijacking legit sites for malware attacks is nothing new. In the past USA Today, Facebook, MySpace, and others have been used by hackers for malware delivery. Experts estimate that at least 70% of all web based malware is hosted on legit sites. It is not yet known how many BusinessWeek.com visitors were caught in the attack and infected, and the site has had no comment.

To protect yourself, make sure you’re using an up-to-date browser. The latest versions of both Internet Explorer and Firefox have built in tools that will detect and block most malicious download attempts. A good antivirus program is also essential. AVG’s free offering has a handy toolbar for IE that will alert you to any malicious sites that may show up on a search engine. Microsoft offers its own malware tool, but it is only good at detecting malware already infecting your system. Linux and Apple users have no worries as these exploits won’t work on those systems.

Read[ZDNet]