Netspeed's website hacked (correction)

Netspeed website has been corrupted by hackers using SQL injection techniques.

I am advised that Whirlpool are unaware of the intrusion claimed by Shulman and refute their inclusion in this article. The text has been updated to reflect this assertion. Obviously this also casts doubt on Shulman's claim that Overclockers was also attacked. iTWire would like to apologise to both sites.

First detected by the Israel-based security company Imperva, pages on the Netspeed site have been modified to include a variety of malware. Amichai Shulman, Imperva's CTO, notes, "Following the link into an infected page within a legitimate site would infect the victim's browser with a bot." He reflects upon the fact that his organisation has detected similar malware on other prominent Australian sites, including Overclockers and Whirlpool.

Shulman also claims that "it is part of a huge scheme all over the world. The attackers inject hidden links and scripts into legitimate pages and create a huge web of cross references allowing them to promote the infected pages in search engines. Therefore when people look for specific terms in Google they get links to the infected pages in the first set of results."
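The hidden links and foreign scripts Shulman describes leave traces in the stored page content itself, which a site owner can scan for. The following is an added example written for this article, not Imperva's tooling or anything taken from Netspeed: a small Python scanner that walks constructed HTML and flags anchors inside hidden containers, script tags loaded from hosts outside a trusted list, and zero-size iframes. The trusted-host list and the sample page are assumptions made up for the illustration.

```python
"""Scan stored page HTML for injected hidden links and foreign scripts.

Added illustration; the sample page and trusted hosts below are constructed,
not taken from any real site.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is assumed to load scripts from legitimately (constructed).
TRUSTED_SCRIPT_HOSTS = {"www.example-isp.test", "cdn.example-isp.test"}

# Inline-style fragments commonly used to hide injected content from visitors
# while leaving it visible to search-engine crawlers.
HIDDEN_STYLE_MARKERS = ("display:none", "visibility:hidden", "font-size:0", "left:-")

# Elements that never carry a closing tag; they must not be pushed on the stack.
VOID_TAGS = {"img", "br", "hr", "input", "meta", "link"}


def _is_hidden(attrs: dict) -> bool:
    """True if the element's own attributes hide it."""
    style = attrs.get("style", "").replace(" ", "").lower()
    return "hidden" in attrs or any(m in style for m in HIDDEN_STYLE_MARKERS)


class InjectedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, hidden_here) for open elements
        self.hidden_depth = 0  # >0 while inside a hidden container
        self.findings = []     # (kind, target) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden_here = _is_hidden(attrs)
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden_here))
            if hidden_here:
                self.hidden_depth += 1
        if tag == "a" and self.hidden_depth > 0:
            self.findings.append(("hidden-link", attrs.get("href", "")))
        if tag == "script" and attrs.get("src"):
            host = urlparse(attrs["src"]).hostname or ""
            if host and host not in TRUSTED_SCRIPT_HOSTS:
                self.findings.append(("foreign-script", attrs["src"]))
        if tag == "iframe" and (
            attrs.get("width") == "0" or attrs.get("height") == "0" or hidden_here
        ):
            self.findings.append(("hidden-iframe", attrs.get("src", "")))

    def handle_endtag(self, tag):
        if tag not in [t for t, _ in self.stack]:
            return  # stray close or self-closed void element: nothing to unwind
        while self.stack:  # pop to the matching open tag, leaving hidden containers
            t, hidden = self.stack.pop()
            if hidden:
                self.hidden_depth -= 1
            if t == tag:
                break


def scan_page(html: str):
    """Return the list of (kind, target) findings for one stored page."""
    scanner = InjectedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a legitimate page with three kinds of injected content.
SAMPLE_PAGE = """<html><body>
<h1>Plans and pricing</h1>
<p>See our <a href="/plans">broadband plans</a>.</p>
<script src="https://cdn.example-isp.test/site.js"></script>
<div style="display: none">
  <a href="http://pharma-spam.invalid/buy">cheap pills</a>
  <a href="http://casino-spam.invalid/">online casino</a>
</div>
<script src="http://malware-dropper.invalid/loader.js"></script>
<iframe src="http://malware-dropper.invalid/frame" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for kind, target in scan_page(SAMPLE_PAGE):
        print(f"{kind:15} {target}")
```

Run against a nightly dump of every page in the CMS, the scanner turns the "hidden links into legitimate pages" pattern into an alert; a clean page produces an empty list, so any non-empty result is worth a look.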

Finally, "Almost all compromised pages use unsafe ColdFusion modules that are vulnerable to SQL injection.  Use a web application firewall and it won't happen to you."
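The bug class behind the compromised ColdFusion modules is SQL assembled by pasting request input into the query text. As an added example (not the affected ColdFusion code, which the article does not show), here is that pattern in Python with sqlite3 beside the bound-parameter form that `cfqueryparam` provides in ColdFusion, plus an allow-list check on the input as a second layer. The `pages` table, the slugs and the allow-list rule are constructed for the illustration. A web application firewall of the kind Shulman recommends filters the request before it reaches the code; binding the parameter removes the flaw in the code itself, and a site wants both.

```python
"""String-built SQL beside its parameterised form (constructed sqlite3 illustration)."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table: two published pages and one unpublished draft."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (slug TEXT PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", [
        ("plans", "Broadband plans", 1),
        ("contact", "Contact us", 1),
        ("draft-pricing", "Unreleased pricing", 0),
    ])
    return conn


def get_page_vulnerable(conn, slug):
    # The shape of a <cfquery> with the URL parameter pasted straight into the SQL:
    # the visitor's input becomes part of the SQL grammar, so a quote character
    # lets it rewrite the WHERE clause.
    sql = f"SELECT slug, title FROM pages WHERE published = 1 AND slug = '{slug}'"
    return conn.execute(sql).fetchall()


def get_page_safe(conn, slug):
    # The <cfqueryparam> equivalent: the input is bound as a value and is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT slug, title FROM pages WHERE published = 1 AND slug = ?"
    return conn.execute(sql, (slug,)).fetchall()


# Allow-list for what a page slug may look like (constructed rule for the example).
SLUG_RE = re.compile(r"[a-z0-9-]{1,64}")


def get_page_defended(conn, slug):
    """Validate the input against the allow-list, then bind it.

    Returns None when the slug is rejected; the validation is defence in depth,
    the binding in get_page_safe is the actual fix.
    """
    if not SLUG_RE.fullmatch(slug):
        return None
    return get_page_safe(conn, slug)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # textbook test input used to check the fix
    print("vulnerable:", get_page_vulnerable(db, probe))  # leaks every row, draft included
    print("bound:     ", get_page_safe(db, probe))        # no such slug: empty
    print("defended:  ", get_page_defended(db, probe))    # rejected before the query
```

The same probe string is what a regression test for the fix should carry: the vulnerable function returns the unpublished draft along with everything else, the bound version returns nothing, and the allow-list never lets the query run.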

Shulman provided iTWire with a link to an infected Netspeed page; we have chosen to withhold that information in this report in the sincere hope that it has been cleansed by the time of writing.

Just a few days ago, iTWire pointed out that Imperva had discovered a significant vulnerability with Yahoo!'s jobs website, also related to a SQL coding problem.

The various forms of SQL injection (and there are a great many of them) have become the favoured form of attack by the Naughty Lads of the Internet upon a variety of websites – the more prominent they are, the more they're a target.

Note that of all the major Internet security products, probably only AVG's Linkscanner would protect the lay user from this threat – the majority of other vendors rely upon static lists (albeit updated frequently) of malware sites.  Static lists can never properly protect users from the ultra-dynamic nature of the malware industry these days – for instance, AVG technical experts have told iTWire that somewhere between 200,000 and 500,000 websites are registered every day with the possible intention of hosting malware.  Many of these sites are loaded with benign material until the botnet army is launched with suitable links.  A few hours or days later, the content is gone.

Although a comment was requested via their website, Netspeed had not responded at the time of publishing.  Any response will be added as it becomes available.
