3 November 2006
Hackers hijack Wikipedia page to spread malware
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded computer users to be wary of unsolicited emails and of believing everything they read on the internet, after hackers took advantage of the popular Wikipedia encyclopedia in their attempt to spread malicious code.
Wikipedia allows anyone to create and modify articles, a policy of openness which has often been abused by mischief-makers in the past. Taking advantage of this fact, hackers created an article on the German edition of Wikipedia, de.wikipedia.org, that claimed to include a link to a fix for a supposedly new version of the Blaster worm. However, the "fix" was actually a piece of malicious code known as Troj/Nordex-A, designed to infect visitors' PCs.
Hackers then spammed out an email to German computer users, claiming to come from Wikipedia, and directing them to information about the "new worm". Sophos's global network of spamtraps intercepted the spam messages, and customers were protected from receiving the emails by Sophos's anti-spam solutions.

The spammed email directed recipients to the Wikipedia article.
"The good news is that the authorities at Wikipedia quickly identitifed and edited the article on their site," said Graham Cluley, senior technology consultant for Sophos. "Unfortunately, however, the previous version of the page was still present in the archive and was continuing to point to malicious code. The hackers were thus able to send out spam pointing people to the page on Wikipedia, and try and lead them into infection."
Wikipedia has now confirmed that it has permanently erased the archived version of the page.
"The very openness of websites like Wikipedia - which allow anyone to edit pages - makes them terrific, but can also make them less trustworthy. In this case, it wasn't just that the information posted in Wikipedia's articles was misleading, it was downright malicious," continued Cluley. "Everyone should exercise caution and ensure they have appropriate defenses in place to protect their computer systems. Additionally, people should remember that if there really is a new threat on the internet, you're likely to hear about it first from the security companies, not an online encyclopedia."
Sophos recommends companies protect their desktops, servers and gateways with a consolidated solution to thwart the threats of viruses, spyware, phishing and spam.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

