Shaun Nichols of vnunet.com writes Tuesday that BusinessWeek’s Web site was the recent victim of an attack that inserted malicious code.
Nichols writes, “SQL injection attacks are performed by entering specially-crafted code into a page’s input field which can covertly redirect users to malicious sites. In this case, the code was redirecting users to an attack page hosted in Russia, according to Cluley.
“‘It is worrying when any site suffers from a malicious SQL injection attack but, when it’s also one of the 1,000 busiest websites on the internet, the stakes are even higher,’ he said.
“‘The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected.’
“The magazine has said that it has removed the offending web application and that no user data was believed to be compromised.”
Read more here.
