Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.
We asked Wing Fei Chia, security bigwig at F-Secure, some additional questions surrounding the claim of ZDNet Asia’s search engine being hacked by iFRAME links. Chia answered iTWire’s questions via email.
Q. When did you notice the problem first occurring?
A. “It was reported yesterday night but I only had a look at the case this morning. But the number of cached pages loading iFrame returned has almost doubled since then”.
Q. Can it potentially affect other ZDNet websites or perhaps CNET websites since they are owned and operated by the same company?
A. “The search engine was abused because ZDNet Asia's Search Engine Optimization
(SEO) actually practices locally caching of search queries. Therefore, if the other ZDNet and CNET Websites were using the same practices, they can be affected too”.
Q. Whose search engine was used?
A. “The search engine referred in the blog is ZDNet Asia's search engine and the SEO used by ZDNet Asia is Omniture Site Catalyst”.
Q. How widely spread in the problem and how easy is it to fix it?
A. “I am not quite sure how widely spread this problem but it can be easily removed by getting like Google to remove them from their index”.
Q. Would your [F-Secure’s] standard security software protect you from this attack?
A. "Yes, it does. We not only protect users from malicious iFrames, we also detect the variant of Zlob Trojan in this particular case which is Trojan-Downloader:W32/Zlob.HOG".
Note: we clarified with Chia in a phone call that other brands of ‘Internet security software’ should also protect users against the iFRAME attack, although this will obviously depend on whether or not the security software in question has been regularly updated.
Q. How vulnerable are other websites for this kind of attack?
A. "This particular attack what we call a malware embedded attack which is not uncommon these days and mostly targeting legitimate sites".
Q. Anything else that you'd like to add to your blog post?
A. "Not at the moment".
As Chia has noted, ZDNet Asia’s actual website isn’t under attack, but their search engine appears to be affected.
No doubt ZDNet Asia will quickly fix this problem, but it’s a good reminder to us all to check our websites and our servers, applying whatever patches, fixes and cleanups are necessary to remove these rather silent threats, which many legitimate companies, as Chia mentions, could easily be the victims of.
David Bass
| For the fourth year in a row, IDC has placed content security provider Websense (NASDAQ: WBSN) at the top of the IDC Worldwide Web Security 2011 –…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
