Threat of the week: local news sites

We’ve told you how even companies with good IT security can have their networks penetrated if they are doing business with firms that have poor security. It’s time to look at the individual version of this. Everyone knows that visiting naughty websites is a great way to infect your computer with a virus. Now you can add local news sites to the list.

That’s right; thieves are injecting local news websites with malware that infects visitors’ machines. Once on the infected computer, the malware transmits the users’ online banking information to a server owned by the criminals. You can guess what happens next.

The attackers find which banks have weak online banking security by scanning a range of IP addresses to see which ones use a specific type of website login that is known to be vulnerable, Jason Rebholz, a consultant with cyber security firm Mandiant told Killer Apps. (He didn’t disclose the specific login.) Then they install a Java exploit onto local media sites in the area that the bank is in so that they can collect informaton from its likely customers.

The hackers are going after local news stations because in many cases, they don’t have very good IT security and they have lots of traffic, according to Rebholz.

"They found something local through those scans and the popped it that way," said Rebholz, who notes that this type of malware isn’t limited news sites, those are just the only cases he has seen. (And of those, he’s seen less than ten cases.)  "Judging by what their budget would be for IT security and what I’ve seen in other industries, usually the [smaller businesses] security is an afterthought, it’s not something that they’re going to do right away.

For hackers, "it’s all about going after the low hanging fruit," he added.

As is often the case with security breaches, the news stations may have failed to perform even basic security tasks such as updating their software in time to prevent hackers from taking advantage of known flaws in the software.