MSNBC, other high profile sites compromised in massive hack attack

Just as MSNBC got ready to serve up a dose of NCAA Men's Basketball tournament coverage, it fell victim to a search engine optimization code exploit, joining thousands of other exploited sites.
3/20/2008 7:39:00 AM By: Brian Jackson

The MSNBC Sports Web site became the latest victim in a string of hacker attacks that has compromised more than 26,000 other sites, according to a new alert by a Web security firm.

San Diego, Calif.-based Websense Inc. alerted MSNBC and the public about the security breach Tuesday.

The incident shows a growing trend of hackers injecting code into legitimate Web sites, as well as targeting major sporting events, says the Web security company.

Websense has been tracking the exploit since February and discovered the MSNBC intrusion in one of their standard Web scans, says Stephan Chenette, manager of Websense Security Labs. Other major sites affected include TV.com, News.com and History.com.

One group of unknown hackers is behind the attacks, using the Web pages to redirect traffic to their malicious JavaScript code hosted by service providers known for hosting malware – Intercage and the Russian Business Network, Chenette says.

“I'm labeling this attack as a search engine input optimization attack.”

He says use of search engine optimization techniques by these Web sites makes them vulnerable to and eventually victims of an input validation attack.

Hackers are able to query Web sites with a search string containing the malicious code. When the site receives that query, the code is embedded in a hidden area that users do not see but that hackers can make active.
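The flaw described above and its fix, as an added sketch that is not code from any affected site: it assumes the site caches visitors' search strings and writes them into a hidden keyword block, and the function names, sample queries and the example.invalid host are constructed for illustration.

```python
import html
import re
from urllib.parse import quote

# Constructed sample of cached search strings; the last one carries markup.
CACHED_QUERIES = [
    "ncaa tournament bracket",
    "march madness scores",
    'basketball"><script src="http://example.invalid/x.js"></script>',
]

# Matches an opening script tag in stored input or in rendered output.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def render_keywords_unsafe(queries):
    """Vulnerable form: cached queries are written into the page verbatim."""
    items = "".join(f'<a href="/search?q={q}">{q}</a>' for q in queries)
    return f'<div style="display:none">{items}</div>'


def render_keywords_safe(queries):
    """Hardened form: percent-encode for the URL, HTML-escape for the text."""
    items = "".join(
        f'<a href="/search?q={quote(q, safe="")}">{html.escape(q, quote=True)}</a>'
        for q in queries
    )
    return f'<div style="display:none">{items}</div>'


def find_injected(queries):
    """Return cached queries that contain script markup, for cleanup and review."""
    return [q for q in queries if SCRIPT_TAG.search(q)]


if __name__ == "__main__":
    print("unsafe page has live script tag:",
          bool(SCRIPT_TAG.search(render_keywords_unsafe(CACHED_QUERIES))))
    print("safe page has live script tag:  ",
          bool(SCRIPT_TAG.search(render_keywords_safe(CACHED_QUERIES))))
    print("cached entries to purge:", find_injected(CACHED_QUERIES))
```

Escaping at output time neutralizes the stored string, while the scan over the cache finds entries that were already poisoned before the fix was deployed.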

MSNBC responded to the security breach late on Tuesday, according to a statement issued by the company.

“Within minutes of learning of the issue, msnbc.com quickly and successfully secured the singular page that was affected,” it says.

“The issue has been resolved and consumers have been logging onto NBCSports.com without experiencing any problems.”

For users accessing these popular Web sites, the threat is not to be taken lightly, says James Quin, senior research analyst at London, Ont.-based Info-Tech Research Group.

Gone are the old days when hackers defaced Web sites merely for fun.

“It was effectively the electronic version of vandalism,” Quin says. Now it's “a much more vicious and more serious threat.”

Unlike e-mails or instant messages that contain malware, contaminated Web sites don't even require that a user take an action such as clicking on a link. The script is run automatically.

Hackers have designed the method to bypass both security measures and the malware education of most Web users, Quin says. “It will make Web surfing something the average user has to be extremely careful about.”

At time of press, a Google search for the malicious code found 26,400 sites infected by the malicious code.

It is the result of hackers exploiting a shared vulnerability amongst the affected Web sites, says Alfred Huger, vice president of engineering for Symantec Corp.'s security response group, the Cupertino, Calif.-based software security vendor.

“Once they have a list of sites they think are vulnerable, they break in to all of them,” he says.

The piece of JavaScript affecting MSNBC and other sites directs browsers to www.2117966.net and the infected computers – known as zombies – send information to the IP address 61.188.39.175.
