Infrastructure

Home page

Infrastructure

Mass Web attack hits Wall Street Journal, Jerusalem Post â€Ž

10 June 2010 15:05 (UTC +04:00)

Baku - APA-Economics. Internet users have been hit by a widespread Web attack that has compromised thousands of Web sites, including Web pages belonging to the Wall Street Journal and the Jerusalem Post, Computerworld reported.

Estimates of the total number of compromised Web sites vary between 7,000 and 114,000, according to security experts. Other compromised sites include Servicewomen.org and Intljobs.org.

Cisco Systems’ Web-tracking subsidiary, ScanSafe, started following the incident two days ago, said Mary Landesman, a senior security researcher with Cisco. Somehow, the hackers have posted malicious HTML code on the affected Web sites that redirects victims to a malicious Web server. This server tries to install software on Web visitors’ computers. If it’s successful, the software gives the criminals a way to remotely control their victims’ PCs.

Security researchers are still gathering data on the attacks, but they suspect that hackers used what’s known as an SQL injection attack to trick the Web sites into running database commands, which ultimately gave the hackers a way of installing their malicious HTML.

All of the infected sites appear to be using the Microsoft Internet Information Services Web-server software running with Active Server Pages, according to researchers at Sucuri Security.