By DEBORAH GAGE
San Francisco Chronicle
April 04, 2008
One goal is to infect users' computers, possibly by installing a device to capture keystrokes, and therefore passwords and other sensitive information.
Seven out of 10 Web sites are vulnerable to these flaws, according to WhiteHat Security in Santa Clara, Calif. It's unclear, however, how widespread the problem is because many users don't realize they've been infected.
Google is working on a filter that will find and automatically block such malicious Web addresses, a spokesman said Tuesday. In the meantime, it has been contacting affected organizations to advise them on how to fix their sites' vulnerabilities.
In the latest attacks, which occurred last week, hackers planted malicious search terms in Web addresses along with popular search words so the sites would be ranked high in Google searches.
One site that was infected, the TalkingBiz blog run by the University of North Carolina in Chapel Hill, tried to get visitors to download malicious code from a site hosted in American Samoa that has since been taken down. The location of the site does not indicate the location of the hackers, however.
The university said it doesn't know how the site was infected or who is responsible for the attack.
Among the retail victims named Friday were Wal-Mart, Target, Sears and Bloomingdale's, according to an independent security consultant, Dancho Danchev, who has been blogging about the attacks from the Netherlands since the beginning of March.
The attacks were also reported by several security vendors and the Internet Storm Center at SANS, a group of researchers in Bethesda, Md.
Wal-Mart, Target and Sears said they were aware of the attacks. Wal-Mart said that its site had not been affected and that it protects customers from "fraudulent online activity." Target said that it works with Amazon, which provides Target's Web infrastructure, to protect customers and that there is no risk to customers who visit Target.com. Sears said it is "taking the appropriate steps to ensure the Web site's security." Bloomingdale's was not available for comment.
Media targets named by Danchev include USAToday, ABCNews, Forbes.com and News.com. USAToday reported on the attacks on Monday.
Mass Web attacks were also reported in mid-March by Websense, a security vendor in San Diego that filters Web sites for corporations. Hackers were probing Web pages looking for vulnerabilities to an attack that allowed the hackers to get into and make changes to any SQL server databases behind the vulnerable sites, said Charles Renert, senior director of advanced content research.
In some cases, every record in a database was linked to a piece of malware, Renert said.
Keeping your computer secure:
Users can best protect themselves by updating their anti-virus software and securing their browsers, according to US-Cert, a division of the Department of Homeland Security.
Distributed to subscribers for publication by
Scripps Howard News Service, http://www.scrippsnews.com
Publish A Letter in SitNews Read Letters/Opinions