Hackers target French ISP's site
It tried to install malicious software on visitors' computers
IDG News Service - A hacker compromised the corporate Web site of France Telecom SA's Internet service provider subsidiary, Wanadoo, on Monday, causing the site to try to install a malicious software program on visitors' computers, the company said yesterday.
The site, www.wanadoo.com, had been altered to use two common software exploits that redirect visitors' Web browsers from Wanadoo.com to Web sites that attempted to download a Trojan horse program onto their computers. The attacks are just the latest example of malicious hackers compromising prominent Web pages and using them to distribute malicious code to unsuspecting users.
"Someone succeeded in breaking into the site and altering a page," Wanadoo spokeswoman Caroline Ponsi said yesterday. The attack happened Monday night, she said, and occurred despite the fact that "all our software is up to date."
"We're in the process of checking everything before starting it up again," she said. "We have an idea how he got in."
Wanadoo has identified the network from which the attack originated, and has made a complaint to the ISP concerned, she said.
The Wanadoo site was taken down at about 5:30 p.m. Central European time Tuesday, redirecting visitors to a notice that a technical problem had occurred.
During the attack, Wanadoo.com distributed copies of two common exploits, Exploit-ByteVerify and MHTML URL. At least one of the files, MHTML URL, was also used in the June attacks that used compromised Internet Information Services Web servers to distribute malicious code, said Craig Schmugar, virus research manager at McAfee Inc.'s Antivirus Emergency Response Team Labs.
If the attack successfully exploited the software holes, users unknowingly accessed a Web site that copied a Trojan horse program called loaderfox onto their computers.
Microsoft Corp. issued software patches for the holes compromised by both exploit programs, Schmugar said. McAfee's antivirus software spotted the files pushed out by Wanadoo.com.
The Wanadoo site, which usually provides background information on the company's strategy and structure, was still not operating today, although the redirection was changed to point toward the site for Wanadoo's French subscribers.
The Wanadoo hack is the latest in a string of such incidents in recent months.
In June, a Russian hacking group known as the hangUP team used a recently patched buffer overflow vulnerability in Microsoft's implementation of Secure Sockets Layer to compromise vulnerable Windows 2000 systems running IIS Version 5 Web servers. The June attacks also used two vulnerabilities in Windows and the Internet Explorer Web browser to silently run malicious code called Scob or Download.ject from the IIS servers on machines that visited the compromised sites, redirecting the customers to Web sites controlled by the hackers and downloading a Trojan horse program that captures keystrokes and personal data.
Last week, researchers at PivX Solutions Inc. in Newport Beach, Calif., intercepted malicious code that closely resembled Scob. The new attacks used mass-distributed instant messages to lure Internet users to Web sites that distribute malicious code similar to Download.ject, said Thor Larholm, senior security researcher at PivX.


