Is your website accused of phishing? Phishing sites on the rise due to web application vulnerabilities
Posted by Minal Pithia on Mon, Oct 03, 2011
In July of this year our Incident Response Team's hands were full: we received a flood of phishing sites, and a majority of them were caused by the osCommerce attack and WordPress vulnerabilities. Phishing sites hosted on compromised open source web applications are very common, and these applications are a rich target environment for hackers.
osCommerce (“open source Commerce”) is an e-commerce and online store-management software program available for free. It provides online shopping cart functionality that allows store owners to set up, run, and maintain online transactions. This is a cost-effective application to have for your site; however, like any software, it has vulnerabilities. In July the popular osCommerce software was under attack and millions of websites were trapped! “When researchers from Armorize first spotted the exploit on July 24, they estimated it had injected malicious links into about 91,000 webpages. The Reg reported it had taken hold of almost 5 million pages. Google searches here and here suggested that the number exceeded 8.3 million” (register.co.uk). According to Armorize the attack was carried out by malware known as “willysy”, which injected malicious java code into the merchant’s website. The attack exploited known vulnerabilities, which allowed perpetrators to place an invisible iframe (hidden from the user but still loaded and run by the browser); the iframe pulls in malicious code that infects the end user’s machine with malware. This gave perpetrators full control over the webpage, allowing them to upload a phishing page.
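To make the invisible-iframe technique concrete from the defender's side, here is an added example (not from the article, Armorize or The Register) that scans a page's HTML for iframes a visitor cannot see; the sample page and the hostnames in it are constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample page: one legitimate embed plus one injected invisible iframe.
SAMPLE_HTML = """
<html><body>
<h1>Welcome to our store</h1>
<iframe src="https://video.example/embed/abc" width="560" height="315"></iframe>
<iframe src="http://malicious.example/in.php" width="0" height="0"
        style="visibility:hidden;position:absolute;left:-9999px"></iframe>
</body></html>
"""

# CSS tricks commonly used to keep an iframe out of the visitor's view.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px", re.I)

def _is_tiny(value):
    """True when a width/height attribute is effectively zero (e.g. 0, 0px, 1)."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeScanner(HTMLParser):
    """Collect iframes that a visitor cannot see, with the reasons they were flagged."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-by-css")
        src_host = urlparse(a.get("src", "")).hostname or ""
        if reasons and src_host and not src_host.endswith(self.site_host):
            reasons.append("external-src")   # hidden AND loading third-party content
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def find_hidden_iframes(html, site_host):
    """Return [(src, reasons)] for every iframe invisible to the visitor."""
    scanner = IframeScanner(site_host)
    scanner.feed(html)
    return scanner.findings
```

Running this over a store's own pages (or a crawl of them) after each deployment gives a cheap check that no hidden third-party frame has appeared since the last known-good version.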
WordPress is a great tool and one of the most popular blogging platforms out there. It’s easy to use, and you can develop great sites for your business or personal use. However, the popularity of WordPress has made it an easy target for phishers. Although WordPress offers great plugins to make your site more “internet friendly”, as in any other web application, security holes are found and web designers fail to apply the latest patches. This situation allows hackers to get inside and compromise these sites for illegal purposes, phishing being the most popular. It’s easier for phishers to hack a website with a security hole than to go and register a domain. As a result, website owners who don't clean up their sites not only risk having their websites blocked or flagged as dangerous, but they also expose their customers to infections like malware. This in turn can hurt the brand and reputation of your company. The number of compromised legitimate sites hosting phishing and malware is growing. According to Sophos, so far this year they’ve seen 19,000 new malicious URLs, and 80% of those URLs were legitimate sites that were hacked or compromised.
To get a deeper understanding of how to secure and manage your web applications, watch the Sophos video Anatomy of an Attack, which highlights how “Exploit Packs Threaten Your Applications”. Senior Security Advisor Chester Wisniewski describes how large numbers of applications and plugins make you and your users more vulnerable to “exploit packs”. Exploit packs are available in the underground market of cyber criminals. They use these exploit packs to target popular web applications that are not patched, and use these vulnerabilities to infect end users with malware and give perpetrators full access to a website. Once again, Sophos stresses applying the latest security patches! Patching all your programs is the number 1 security measure one should take. Patches work like bandages: they seal flaws in software to make it more secure. Chester Wisniewski suggests establishing standards: minimize your applications, get rid of the ones you don’t need, and so minimize security risks. The key to protecting your site from getting hacked is simple: maintain it and keep it up to date.