Netspeed's website hacked (correction)

The Netspeed website has been corrupted by hackers using SQL injection techniques.

I am advised that Whirlpool are unaware of the intrusion claimed by Shulman and refute their inclusion in this article.  The text has been updated to reflect this assertion.  Obviously this also casts doubt on Shulman's claim that Overclockers was also attacked.  iTWire would like to apologise to both sites.

First detected by the Israeli-based security company Imperva, pages on the Netspeed site have been modified to include a variety of malware.  Amichai Shulman, Imperva's CTO, notes, "Following the link into an infected page within a legitimate site would infect the victim's browser with a bot."  He reflects upon the fact that his organisation has detected similar malware on other prominent Australian sites, including Overclockers and Whirlpool.

Shulman also claims that "it is part of a huge scheme all over the world.  The attackers inject hidden links and scripts into legitimate pages and create a huge web of cross references allowing them to promote the infected pages in search engines.  Therefore when people look for specific terms in Google they get links to the infected pages in the first set of results."

Finally, "Almost all compromised pages use unsafe ColdFusion modules that are vulnerable to SQL injection.  Use a web application firewall and it won't happen to you."
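For site owners who want to check their own pages for the symptoms Shulman describes (hidden links and scripts injected into otherwise legitimate pages), the following is an added example, not code from iTWire, Imperva or Netspeed. It reports off-site scripts and iframes, plus off-site links the visitor cannot see; the allowlist, host names and sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}  # assumed allowlist for this site
URL_ATTR = {"script": "src", "iframe": "src", "a": "href"}
VOID = {"img", "br", "hr", "input", "meta", "link"}  # never closed, so never containers
HIDDEN_CSS = re.compile(r"display:none|visibility:hidden|(?:width|height):0(?:px)?(?:;|$)")

class InjectionScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        # findings: (tag, host, reason); then the open hidden container tag and its nesting depth
        self.findings, self._hidden_tag, self._depth = [], None, 0
    def _hidden(self, attrs):
        style = (attrs.get("style") or "").replace(" ", "").lower()
        return (bool(HIDDEN_CSS.search(style)) or "hidden" in attrs
                or attrs.get("width") == "0" or attrs.get("height") == "0")
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = self._hidden_tag is not None or self._hidden(attrs)
        if tag == self._hidden_tag:
            self._depth += 1  # same tag nested inside the hidden container
        elif self._hidden_tag is None and hidden and tag not in URL_ATTR and tag not in VOID:
            self._hidden_tag, self._depth = tag, 1  # everything inside is invisible too
        host = urlparse(attrs.get(URL_ATTR.get(tag, ""), "") or "").hostname
        if host and host not in ALLOWED_HOSTS:
            if tag in ("script", "iframe"):  # off-site active content: always report
                self.findings.append((tag, host, "off-site " + tag))
            elif hidden:  # off-site link the visitor cannot see
                self.findings.append((tag, host, "hidden off-site link"))
    def handle_endtag(self, tag):
        if tag == self._hidden_tag:
            self._depth -= 1
            if self._depth == 0:
                self._hidden_tag = None

def scan(html):
    scanner = InjectionScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: one visible partner link, two hidden links, one off-site script and iframe.
SAMPLE = """<body><a href="/plans">Plans</a> <a href="http://partner.example.org/">Partner</a>
<script src="//cdn.example.com/site.js"></script>
<div style="display: none"><div><a href="http://spam.example.net/a">x</a></div>
<a href="http://spam.example.net/b">y</a></div><script src="http://bad.example.net/l.js"></script>
<iframe src="http://bad.example.net/f" width="0" height="0"></iframe> <a href="http://visible.example.org/">after</a></body>"""
```

Running `scan()` over pages as served, rather than over the templates, is what catches content injected through the database.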

Shulman provided iTWire with a link to an infected Netspeed page; we have chosen to withhold that information in this report in the sincere hope that it has been cleansed by the time of writing.

Just a few days ago, iTWire pointed out that Imperva had discovered a significant vulnerability with Yahoo!'s jobs website, also related to a SQL coding problem.

The various forms of SQL injection (and there are a great many of them) have become the favoured form of attack by the Naughty Lads of the Internet upon a variety of websites – the more prominent they are, the more they're a target.

Note that of all the major Internet security products, probably only AVG's Linkscanner would protect the lay user from this threat – the majority of other vendors rely upon static lists (albeit updated frequently) of malware sites.  Static lists can never properly protect users from the ultra-dynamic nature of the malware industry these days – for instance, AVG technical experts have told iTWire that somewhere between 200,000 and 500,000 websites are registered every day with the possible intention of hosting malware.  Many of these sites are loaded with benign material until the botnet army is launched with suitable links.  A few hours or days later, the content is gone.

Although a comment was requested via their website, Netspeed had not responded at the time of publishing.  Any response will be added as it becomes available.