Monday, July 16, 2007

Web site security threats

We recently attended a security seminar presented by Trend Micro where they said that most of the security threats faced by computers these days are being delivered by web sites. Note how we didn't say malicious web sites, why? Well, the example that Trend gave was that the web site for the Miami Dolphins football team in the US had been hacked and a small piece of code had been added to their front page that when opened would download a trojan to the viewers computer. Once the trojan was downloaded, it would then execute and download more malware, ultimately allowing the PC to be controlled by hackers for whatever purpose they deemed.

Now you might think that this is all a bit far fetched and only happens in places like America, well think again! The following report in the Sydney Morning Herald highlights how the same thing happened to the web site of the Sydney Opera House. According to the story :

The code would infect web browsers that were not patched with the latest security updates with Trojan software, most likely designed to capture sensitive information such as internet banking details from victims' computers.

and

Ms Swaffield says NSW police were informed of the security breach, the incident was documented but no action was taken. The Sydney Opera House site is visited by more than 300,000 internet users every month.

Hmmm..interesting eh? If you want a reason to ensure that your workstations are up to date look no further than this story because as it says the trojan would “infect unpatched machines” and that up to 300,000 people use this legitimate web site every month.

So don't just think that it is your emails that are your biggest security threat, it is all those network users surfing web sites on unpatched machines that can cause major problems.

For the full story see : http://www.smh.com.au/news/security/hackers-infected-opera-house-website/2007/06/11/1181414219766.html