Security breach at Web host leaves sites at risk
Visitors to thousands of sites may have been left vulnerable to infection
Computerworld - An administrative error at Web hosting provider Interland Inc. may have caused thousands of hosted sites to become infected with malicious code.
Visitors to those infected Interland-hosted sites were in turn vulnerable to having their systems compromised by code that could allow them to be turned into proxy servers, a security expert said last week.
Atlanta-based Interland manages over 7,000 servers and hosts more than 250,000 Web sites for predominantly small and medium-size businesses. Jeff Reich, director of security at Interland, last week confirmed that a security breach caused disruptions in service for many of the hosted sites during the last week of August.
Reich said the security breach resulted in malicious HTML code being injected into the footers that appear at the bottom of Web pages hosted on Interland's servers. The code prevented infected Web pages from loading properly, causing some sites to become unavailable.
The company learned of the problem on Aug. 28 when customers called to complain of service disruptions, according to Reich. What started as a small-scale problem quickly became a large-scale event, he said, declining to specify how many sites may have been affected. He said he believes that by Sept. 4, the problem was no longer affecting customers.
"I can definitely say it was an administrative error that allowed this to occur," Reich said, without elaborating. "From a customer perspective, we don't see this as being caused by any inherent problem" with the products or services Interland uses, he added.
"We had problems with the Web site," said Tony Johnson, webmaster at Trinidadexpress.com, an online newspaper hosted by Interland that covers Trinidad and Tobago and is based in Port of Spain. "We've had our servers at Interland needing rebooting manually" due to their inaccessibility through Microsoft Corp.'s Windows Terminal Server, Johnson said in an e-mail. Although Interland posted information about some sites experiencing problems, it hasn't explained what might have caused them, he added.
As many as 5,000 sites per day may have been infected before Interland had a chance to fix the problem, said Joe Stewart, a senior security researcher at Lurhq Corp., a managed security services provider in Chicago. Lurhq began tracking the problem Aug. 28 when it began noticing traffic on newslists about service disruptions for sites being hosted by Interland.
According to Stewart, the HTML code that was appended to the footers contained instructions that would cause an executable program to be downloaded from another location to vulnerable systems belonging to those who visited the infected sites. The code took advantage of a flaw, disclosed on Aug. 20, in several versions of Microsoft's Internet Explorer browser .
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts