Security Alert
August 11, 2008
For the past several weeks viruses of moderate severity have been proliferated after legitimate sites are hacked. Subsequent visitors are automatically redirected (or click links) to malicious sites. The hackers employ a “SQL Injection Attack” to exploit vulnerabilities in a site’s programming.
Last week the NWMLS Discover website was hacked and their tech staff immediately shut down public access while they repaired the site and “hardened” it against future attacks. The following was broadcast by NWMLS yesterday in their Monday Email Update …
Discover Security & Virus Cleanup…
Last week Discover received numerous attempts to access and compromise the system. Fortunately the updated security patches installed have effectively thwarted these attacks.
While Discover was compromised and temporarily became a mechanism used to deliver malicious files (virus) it was not the only site on the Internet affected. We have reports of people getting infected from links found on key search engines as well as corporate websites.
The biggest challenge ahead of us is the clean up and prevention of future infection.
The best method one can use to get an infected system clean is to update the anti-virus software and perform a full scan. If the full scan does not resolve the issue contact the anti-virus vendor and put pressure on them to get an update available that will address the problem.
NWMLS technicians have identified several security programs that clean up some of the malicious files but none of the scans are consistent. If your anti-virus vendor does not produce the results you expect contact NWMLS for additional information.
***Please be cautious of advertised ‘clean up’ or ‘removal’ tools available on the Internet. Often these tools come with a myriad of other malicious files such as spy/adware. They are often focused on removing a specific virus and will not remove others. Again your best bet is to contact the anti-virus vendor and pressure them for an update.
NWMLS IT Department
While researching the viruses that are actually passed on as a result of this attack I have confirmed NWMLS’s comment that most “free” software fixes are themselves worse than the virus itself. Thus far Norton Anti-virus (Symantec) products have done well in protecting our systems from infection of viruses.
Several of our fellow developers have experienced similar problems as the NWMLS and we consider ourselves fortunate to have been spared this headache so far. In the event that we are attacked, we are prepared to treat this as a catestrophic event and will restore service as quickly as possible.
Comments
Got something to say?