Trend Micro’s Website Hacked
Trend Micro’s Website Hacked
March 19, 2008: Security firm Trend Micro has had a difficult week after new that it’s website has been hacked came to light.
The antivirus vendor confirmed last Thursday that some sections of its site had been compromised, but refused to confirm wether customers might be affected by the breech.
Sector competitor Sophos, however, has come forward to fill in more details about the hack on Trend Micro’s site.
“If you have visited the website of anti-virus company Trend Micro this week there is a chance that your computer has been exposed to malware,” reads the official Sophos blog. “It has not yet been revealed how the webpages on the security website were altered by the hackers, although it is likely a software vulnerability on the site was exploited.”
The company says it has detected Mal/Iframe-F, Troj/Drop-I, and the Troj/Portles-E backdoor Trojan horse on Trend Micro’s site, however, it is quick to point out that its analysts have discovered thousands of other webpages (detected as Troj/Badsrc-A) on other websites.
It adds that “this isn’t the time or place to make cheap shots against a competitor. The good news is that Trend Micro took the affected webpages down as soon as they discovered there was a problem, and the problem no longer appears to exist.”
The case goes to show that everyone is vulnerable and given enough time a determined foe can indeed find a weak spot. And with email becoming an unfashionable way to spread malware, websites are rapidly becoming the mode de jour for hackers to infect new hosts.
Sophos depressingly says that it discovers a new infected webpage every 14 seconds, and that in the past it has found compromised websites as varied as Wedding Photographers, Antiques firms, Pilates Classes and Ice Cream Manufacturers.
“Even the US Consulate General in St Petersburg [was] the unfortunate victim of a malicious web attack. It seems we now have to add anti-virus companies to that list,” writes Sophos.
Comment on this story